From f31cfb2ef937ce08eae9d957158900d6bb5cdea8 Mon Sep 17 00:00:00 2001 
From: Brian Haley Date: Wed, 29 Jun 2022 10:48:52 -0400 Subject: [PATCH] support image registries with authentication Based on spec in openstack-helm repo, support-OCI-image-registry-with-authentication-turned-on.rst Each Helm chart can configure an OCI image registry and credentials to use. A Kubernetes secret is then created with these info. Service Accounts then specify an imagePullSecret specifying the Secret with creds for the registry. Then any pod using one of these ServiceAccounts may pull images from an authenticated container registry. Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269 --- calico/Chart.yaml | 2 +- calico/templates/secret-registry.yaml | 17 ++++ calico/values.yaml | 20 ++++ ceph-client/Chart.yaml | 2 +- ceph-client/templates/secret-registry.yaml | 17 ++++ ceph-client/values.yaml | 18 ++++ ceph-mon/Chart.yaml | 2 +- ceph-mon/templates/secret-registry.yaml | 17 ++++ ceph-mon/values.yaml | 18 ++++ ceph-osd/Chart.yaml | 2 +- ceph-osd/templates/secret-registry.yaml | 17 ++++ ceph-osd/values.yaml | 18 ++++ ceph-provisioners/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ ceph-provisioners/values.yaml | 18 ++++ ceph-rgw/Chart.yaml | 2 +- ceph-rgw/templates/secret-registry.yaml | 17 ++++ ceph-rgw/values.yaml | 18 ++++ cert-rotation/Chart.yaml | 2 +- cert-rotation/templates/secret-registry.yaml | 17 ++++ cert-rotation/values.yaml | 21 +++++ daemonjob-controller/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ daemonjob-controller/values.yaml | 19 ++++ elastic-apm-server/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ elastic-apm-server/values.yaml | 18 ++++ elastic-filebeat/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ elastic-filebeat/values.yaml | 18 ++++ elastic-metricbeat/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ elastic-metricbeat/values.yaml | 18 ++++ elastic-packetbeat/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ 
elastic-packetbeat/values.yaml | 18 ++++ elasticsearch/Chart.yaml | 2 +- elasticsearch/templates/secret-registry.yaml | 17 ++++ elasticsearch/values.yaml | 18 ++++ etcd/Chart.yaml | 2 +- etcd/templates/secret-registry.yaml | 17 ++++ etcd/values.yaml | 20 ++++ falco/Chart.yaml | 2 +- falco/templates/secret-registry.yaml | 17 ++++ falco/values.yaml | 22 +++++ flannel/Chart.yaml | 2 +- flannel/templates/secret-registry.yaml | 17 ++++ flannel/values.yaml | 20 ++++ fluentbit/Chart.yaml | 2 +- fluentbit/templates/secret-registry.yaml | 17 ++++ fluentbit/values.yaml | 20 ++++ fluentd/Chart.yaml | 2 +- fluentd/templates/secret-registry.yaml | 17 ++++ fluentd/values.yaml | 21 +++++ grafana/Chart.yaml | 2 +- grafana/templates/secret-registry.yaml | 17 ++++ grafana/values.yaml | 18 ++++ helm-toolkit/Chart.yaml | 2 +- .../manifests/_secret-registry.yaml.tpl | 93 +++++++++++++++++++ .../_kubernetes_pod_rbac_serviceaccount.tpl | 6 ++ ingress/Chart.yaml | 2 +- ingress/templates/secret-registry.yaml | 17 ++++ ingress/values.yaml | 18 ++++ kibana/Chart.yaml | 2 +- kibana/templates/secret-registry.yaml | 17 ++++ kibana/values.yaml | 18 ++++ kube-dns/Chart.yaml | 2 +- kube-dns/templates/secret-registry.yaml | 17 ++++ .../templates/serviceaccount-kube-dns.yaml | 6 ++ kube-dns/values.yaml | 20 ++++ kubernetes-keystone-webhook/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ kubernetes-keystone-webhook/values.yaml | 18 ++++ kubernetes-node-problem-detector/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ kubernetes-node-problem-detector/values.yaml | 20 ++++ ldap/Chart.yaml | 2 +- ldap/templates/secret-registry.yaml | 17 ++++ ldap/values.yaml | 18 ++++ libvirt/Chart.yaml | 2 +- libvirt/templates/secret-registry.yaml | 17 ++++ libvirt/values.yaml | 18 ++++ mariadb/Chart.yaml | 2 +- mariadb/templates/secret-registry.yaml | 17 ++++ mariadb/values.yaml | 18 ++++ memcached/Chart.yaml | 2 +- memcached/templates/secret-registry.yaml | 17 ++++ memcached/values.yaml | 
20 ++++ metacontroller/Chart.yaml | 2 +- metacontroller/templates/secret-registry.yaml | 17 ++++ metacontroller/values.yaml | 20 ++++ mongodb/Chart.yaml | 2 +- mongodb/templates/secret-registry.yaml | 17 ++++ mongodb/values.yaml | 20 ++++ nagios/Chart.yaml | 2 +- nagios/templates/secret-registry.yaml | 17 ++++ nagios/values.yaml | 18 ++++ nfs-provisioner/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ nfs-provisioner/values.yaml | 20 ++++ openvswitch/Chart.yaml | 2 +- openvswitch/templates/secret-registry.yaml | 17 ++++ openvswitch/values.yaml | 20 ++++ postgresql/Chart.yaml | 2 +- postgresql/templates/secret-registry.yaml | 17 ++++ postgresql/values.yaml | 18 ++++ powerdns/Chart.yaml | 2 +- powerdns/templates/secret-registry.yaml | 17 ++++ powerdns/values.yaml | 18 ++++ prometheus-alertmanager/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-alertmanager/values.yaml | 18 ++++ prometheus-blackbox-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-blackbox-exporter/values.yaml | 22 +++++ prometheus-kube-state-metrics/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-kube-state-metrics/values.yaml | 20 ++++ prometheus-node-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-node-exporter/values.yaml | 20 ++++ prometheus-openstack-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-openstack-exporter/values.yaml | 18 ++++ prometheus-process-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-process-exporter/values.yaml | 20 ++++ prometheus/Chart.yaml | 2 +- prometheus/templates/secret-registry.yaml | 17 ++++ prometheus/values.yaml | 18 ++++ rabbitmq/Chart.yaml | 2 +- rabbitmq/templates/secret-registry.yaml | 17 ++++ rabbitmq/values.yaml | 18 ++++ redis/Chart.yaml | 2 +- redis/templates/secret-registry.yaml | 17 ++++ redis/values.yaml | 20 ++++ registry/Chart.yaml | 2 +- 
registry/templates/secret-registry.yaml | 17 ++++ registry/values.yaml | 20 ++++ releasenotes/notes/calico.yaml | 1 + releasenotes/notes/ceph-client.yaml | 1 + releasenotes/notes/ceph-mon.yaml | 1 + releasenotes/notes/ceph-osd.yaml | 1 + releasenotes/notes/ceph-provisioners.yaml | 1 + releasenotes/notes/ceph-rgw.yaml | 1 + releasenotes/notes/cert-rotation.yaml | 1 + releasenotes/notes/daemonjob-controller.yaml | 1 + releasenotes/notes/elastic-apm-server.yaml | 1 + releasenotes/notes/elastic-filebeat.yaml | 1 + releasenotes/notes/elastic-metricbeat.yaml | 1 + releasenotes/notes/elastic-packetbeat.yaml | 1 + releasenotes/notes/elasticsearch.yaml | 1 + releasenotes/notes/etcd.yaml | 1 + releasenotes/notes/falco.yaml | 1 + releasenotes/notes/flannel.yaml | 1 + releasenotes/notes/fluentbit.yaml | 1 + releasenotes/notes/fluentd.yaml | 1 + releasenotes/notes/grafana.yaml | 1 + releasenotes/notes/helm-toolkit.yaml | 1 + releasenotes/notes/ingress.yaml | 1 + releasenotes/notes/kibana.yaml | 1 + releasenotes/notes/kube-dns.yaml | 1 + .../notes/kubernetes-keystone-webhook.yaml | 1 + .../kubernetes-node-problem-detector.yaml | 1 + releasenotes/notes/ldap.yaml | 1 + releasenotes/notes/libvirt.yaml | 1 + releasenotes/notes/mariadb.yaml | 1 + releasenotes/notes/memcached.yaml | 1 + releasenotes/notes/metacontroller.yaml | 1 + releasenotes/notes/mongodb.yaml | 1 + releasenotes/notes/nagios.yaml | 1 + releasenotes/notes/nfs-provisioner.yaml | 1 + releasenotes/notes/openvswitch.yaml | 1 + releasenotes/notes/postgresql.yaml | 1 + releasenotes/notes/powerdns.yaml | 1 + .../notes/prometheus-alertmanager.yaml | 1 + .../notes/prometheus-blackbox-exporter.yaml | 1 + .../notes/prometheus-kube-state-metrics.yaml | 1 + .../notes/prometheus-node-exporter.yaml | 1 + .../notes/prometheus-openstack-exporter.yaml | 1 + .../notes/prometheus-process-exporter.yaml | 1 + releasenotes/notes/prometheus.yaml | 1 + releasenotes/notes/rabbitmq.yaml | 1 + releasenotes/notes/redis.yaml | 1 + 
releasenotes/notes/registry.yaml | 1 + releasenotes/notes/shaker.yaml | 1 + shaker/Chart.yaml | 2 +- shaker/templates/secret-registry.yaml | 17 ++++ shaker/values.yaml | 18 ++++ 189 files changed, 1856 insertions(+), 47 deletions(-) create mode 100644 calico/templates/secret-registry.yaml create mode 100644 ceph-client/templates/secret-registry.yaml create mode 100644 ceph-mon/templates/secret-registry.yaml create mode 100644 ceph-osd/templates/secret-registry.yaml create mode 100644 ceph-provisioners/templates/secret-registry.yaml create mode 100644 ceph-rgw/templates/secret-registry.yaml create mode 100644 cert-rotation/templates/secret-registry.yaml create mode 100644 daemonjob-controller/templates/secret-registry.yaml create mode 100644 elastic-apm-server/templates/secret-registry.yaml create mode 100644 elastic-filebeat/templates/secret-registry.yaml create mode 100644 elastic-metricbeat/templates/secret-registry.yaml create mode 100644 elastic-packetbeat/templates/secret-registry.yaml create mode 100644 elasticsearch/templates/secret-registry.yaml create mode 100644 etcd/templates/secret-registry.yaml create mode 100644 falco/templates/secret-registry.yaml create mode 100644 flannel/templates/secret-registry.yaml create mode 100644 fluentbit/templates/secret-registry.yaml create mode 100644 fluentd/templates/secret-registry.yaml create mode 100644 grafana/templates/secret-registry.yaml create mode 100644 helm-toolkit/templates/manifests/_secret-registry.yaml.tpl create mode 100644 ingress/templates/secret-registry.yaml create mode 100644 kibana/templates/secret-registry.yaml create mode 100644 kube-dns/templates/secret-registry.yaml create mode 100644 kubernetes-keystone-webhook/templates/secret-registry.yaml create mode 100644 kubernetes-node-problem-detector/templates/secret-registry.yaml create mode 100644 ldap/templates/secret-registry.yaml create mode 100644 libvirt/templates/secret-registry.yaml create mode 100644 mariadb/templates/secret-registry.yaml 
create mode 100644 memcached/templates/secret-registry.yaml create mode 100644 metacontroller/templates/secret-registry.yaml create mode 100644 mongodb/templates/secret-registry.yaml create mode 100644 nagios/templates/secret-registry.yaml create mode 100644 nfs-provisioner/templates/secret-registry.yaml create mode 100644 openvswitch/templates/secret-registry.yaml create mode 100644 postgresql/templates/secret-registry.yaml create mode 100644 powerdns/templates/secret-registry.yaml create mode 100644 prometheus-alertmanager/templates/secret-registry.yaml create mode 100644 prometheus-blackbox-exporter/templates/secret-registry.yaml create mode 100644 prometheus-kube-state-metrics/templates/secret-registry.yaml create mode 100644 prometheus-node-exporter/templates/secret-registry.yaml create mode 100644 prometheus-openstack-exporter/templates/secret-registry.yaml create mode 100644 prometheus-process-exporter/templates/secret-registry.yaml create mode 100644 prometheus/templates/secret-registry.yaml create mode 100644 rabbitmq/templates/secret-registry.yaml create mode 100644 redis/templates/secret-registry.yaml create mode 100644 registry/templates/secret-registry.yaml create mode 100644 shaker/templates/secret-registry.yaml diff --git a/calico/Chart.yaml b/calico/Chart.yaml index 247fbd189..d46808e0e 100644 --- a/calico/Chart.yaml +++ b/calico/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.0 description: OpenStack-Helm Calico name: calico -version: 0.1.4 +version: 0.1.5 home: https://github.com/projectcalico/calico icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67 sources: diff --git a/calico/templates/secret-registry.yaml b/calico/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/calico/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/calico/values.yaml b/calico/values.yaml index c8424e82e..845cf5a24 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -166,6 +166,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + calico: calico-oci-image-registry + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -180,6 +184,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + calico: + username: calico + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null etcd: auth: client: @@ -572,4 +591,5 @@ manifests: job_calico_settings: true service_calico_etcd: true secret_certificates: true + secret_registry: true ... diff --git a/ceph-client/Chart.yaml b/ceph-client/Chart.yaml index a26082f35..5ebc0847c 100644 --- a/ceph-client/Chart.yaml +++ b/ceph-client/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Client name: ceph-client -version: 0.1.36 +version: 0.1.37 home: https://github.com/ceph/ceph-client ... 
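Review bot: The new template passes `.Chart.Name` as `registryUser` without documenting that the same string has to be the key under `endpoints.oci_image_registry.auth` and under `secrets.oci_image_registry` in values.yaml. The helper that consumes it is outside this hunk, so that lookup is inferred from the matching keys added to calico/values.yaml. A one-line template comment above the `if` would make the coupling explicit, for example `{{/* registryUser must match the key under endpoints.oci_image_registry.auth and secrets.oci_image_registry */}}`. The identical file is added for ceph-client, ceph-mon, ceph-osd, ceph-provisioners, ceph-rgw, cert-rotation, daemonjob-controller, elastic-apm-server, elastic-filebeat and elastic-metricbeat, so the same comment applies there.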
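Review bot: The `oci_image_registry.auth` block in the `endpoints:` hunk ships a usable-looking credential pair (`username: calico`, `password: password`), so a deployer who only flips `auth.enabled` to true gets a pull secret rendered from the literal default. The values file should mark these as placeholders, for example `# placeholder only: override username/password per deployment from a values file kept out of version control`. If the helm-toolkit helper (not visible in this hunk) allows it, failing the render when auth is enabled and the password is still the default would surface the mistake at install time. `hosts.default: localhost` is likewise a placeholder that presumably has to match the registry host the images are pulled from. The same defaults are added in the values.yaml hunks for ceph-client, ceph-mon, ceph-osd, ceph-provisioners, ceph-rgw, cert-rotation, daemonjob-controller, elastic-apm-server, elastic-filebeat and elastic-metricbeat.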
diff --git a/ceph-client/templates/secret-registry.yaml b/ceph-client/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-client/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-client/values.yaml b/ceph-client/values.yaml index 4ad5cf71a..cc81f03de 100644 --- a/ceph-client/values.yaml +++ b/ceph-client/values.yaml @@ -188,6 +188,8 @@ secrets: rgw: ceph-bootstrap-rgw-keyring mgr: ceph-bootstrap-mgr-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-client: ceph-client-oci-image-registry network: public: 192.168.0.0/16 @@ -517,6 +519,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-client: + username: ceph-client + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -564,4 +581,5 @@ manifests: helm_tests: true cronjob_checkPGs: true cronjob_defragosds: true + secret_registry: true ... diff --git a/ceph-mon/Chart.yaml b/ceph-mon/Chart.yaml index a5db488c7..7d6b9c7ac 100644 --- a/ceph-mon/Chart.yaml +++ b/ceph-mon/Chart.yaml 
@@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Mon name: ceph-mon -version: 0.1.25 +version: 0.1.26 home: https://github.com/ceph/ceph ... diff --git a/ceph-mon/templates/secret-registry.yaml b/ceph-mon/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-mon/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-mon/values.yaml b/ceph-mon/values.yaml index 25543887c..412d4da25 100644 --- a/ceph-mon/values.yaml +++ b/ceph-mon/values.yaml @@ -215,6 +215,8 @@ secrets: osd: ceph-bootstrap-osd-keyring mgr: ceph-bootstrap-mgr-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-mon: ceph-mon-oci-image-registry-key network: public: 192.168.0.0/16 @@ -424,6 +426,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-mon: + username: ceph-mon + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: 
@@ -473,4 +490,5 @@ manifests: service_mgr: true service_mon_discovery: true job_storage_admin_keys: true + secret_registry: true ... diff --git a/ceph-osd/Chart.yaml b/ceph-osd/Chart.yaml index f5bd86bb4..67c969792 100644 --- a/ceph-osd/Chart.yaml +++ b/ceph-osd/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph OSD name: ceph-osd -version: 0.1.41 +version: 0.1.42 home: https://github.com/ceph/ceph ... diff --git a/ceph-osd/templates/secret-registry.yaml b/ceph-osd/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-osd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-osd/values.yaml b/ceph-osd/values.yaml index ad87e2a15..78b63b4c0 100644 --- a/ceph-osd/values.yaml +++ b/ceph-osd/values.yaml @@ -142,6 +142,8 @@ secrets: keyrings: osd: ceph-bootstrap-osd-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-osd: ceph-osh-oci-image-registry-key network: public: 192.168.0.0/16 
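Review bot: The secret name `ceph-osh-oci-image-registry-key` added under `secrets.oci_image_registry` looks like a typo for `ceph-osd`, since every other chart in this patch derives the name from its own chart name. The line should read `ceph-osd: ceph-osd-oci-image-registry-key`. The suffix is also not uniform across the patch: calico, ceph-client and elastic-apm-server omit `-key` while the other charts include it. A single naming pattern would make the pull secrets easier to find and audit by name.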
@@ -373,6 +375,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-osd: + username: ceph-osd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -395,4 +412,5 @@ manifests: job_post_apply: true job_image_repo_sync: true helm_tests: true + secret_registry: true ... diff --git a/ceph-provisioners/Chart.yaml b/ceph-provisioners/Chart.yaml index 636391489..0f841592f 100644 --- a/ceph-provisioners/Chart.yaml +++ b/ceph-provisioners/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Provisioner name: ceph-provisioners -version: 0.1.20 +version: 0.1.21 home: https://github.com/ceph/ceph ... diff --git a/ceph-provisioners/templates/secret-registry.yaml b/ceph-provisioners/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-provisioners/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-provisioners/values.yaml b/ceph-provisioners/values.yaml index ae61ee6cd..39cf3e440 100644 
--- a/ceph-provisioners/values.yaml +++ b/ceph-provisioners/values.yaml @@ -277,6 +277,8 @@ secrets: keyrings: admin: ceph-client-admin-keyring prov_adminSecretName: pvc-ceph-conf-combined-storageclass + oci_image_registry: + ceph-provisioners: ceph-provisioners-oci-image-registry-key network: public: 192.168.0.0/16 @@ -431,6 +433,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-provisioners: + username: ceph-provisioners + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -462,4 +479,5 @@ manifests: job_namespace_client_ceph_config: true storageclass: true helm_tests: true + secret_registry: true ... diff --git a/ceph-rgw/Chart.yaml b/ceph-rgw/Chart.yaml index eb5b30f67..9d795b668 100644 --- a/ceph-rgw/Chart.yaml +++ b/ceph-rgw/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph RadosGW name: ceph-rgw -version: 0.1.22 +version: 0.1.23 home: https://github.com/ceph/ceph ... diff --git a/ceph-rgw/templates/secret-registry.yaml b/ceph-rgw/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-rgw/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml index 6d0e17e57..982131401 100644 --- a/ceph-rgw/values.yaml +++ b/ceph-rgw/values.yaml @@ -259,6 +259,8 @@ secrets: admin: ceph-keystone-admin swift: ceph-keystone-user user_rgw: ceph-keystone-user-rgw + oci_image_registry: + ceph-rgw: ceph-rgw-oci-image-registry-key rgw_s3: admin: radosgw-s3-admin-creds tls: @@ -548,6 +550,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-rgw: + username: ceph-rgw + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone namespace: null @@ -682,6 +699,7 @@ manifests: secret_keystone_rgw: true secret_ingress_tls: true secret_keystone: true + secret_registry: true service_ingress_rgw: true service_rgw: true helm_tests: true diff --git a/cert-rotation/Chart.yaml b/cert-rotation/Chart.yaml index 6a5bae7fb..3925bbb9a 100644 --- a/cert-rotation/Chart.yaml +++ b/cert-rotation/Chart.yaml 
@@ -16,5 +16,5 @@ appVersion: "1.0" description: Rotate the certificates generated by cert-manager home: https://cert-manager.io/ name: cert-rotation -version: 0.1.5 +version: 0.1.6 ... diff --git a/cert-rotation/templates/secret-registry.yaml b/cert-rotation/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/cert-rotation/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/cert-rotation/values.yaml b/cert-rotation/values.yaml index dc9a59208..6b3d2b82f 100644 --- a/cert-rotation/values.yaml +++ b/cert-rotation/values.yaml @@ -54,8 +54,29 @@ pod: dependencies: static: cert_rotate: null +secrets: + oci_image_registry: + cert-rotation: cert-rotation-oci-image-registry-key +endpoints: + cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + cert-rotation: + username: cert-rotation + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true cron_job_cert_rotate: false job_cert_rotate: false + secret_registry: true ... 
diff --git a/daemonjob-controller/Chart.yaml b/daemonjob-controller/Chart.yaml index d3d2b4f12..c00f48566 100644 --- a/daemonjob-controller/Chart.yaml +++ b/daemonjob-controller/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: A Helm chart for DaemonjobController name: daemonjob-controller -version: 0.1.5 +version: 0.1.6 home: https://opendev.org/openstack ... diff --git a/daemonjob-controller/templates/secret-registry.yaml b/daemonjob-controller/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/daemonjob-controller/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/daemonjob-controller/values.yaml b/daemonjob-controller/values.yaml index 676bb23f2..c32b1a54e 100644 --- a/daemonjob-controller/values.yaml +++ b/daemonjob-controller/values.yaml @@ -67,6 +67,9 @@ pod: controller: runAsUser: 0 readOnlyRootFilesystem: true +secrets: + oci_image_registry: + daemonjob-controller: daemonjob-controller-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -81,6 +84,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + daemonjob-controller: + username: daemonjob-controller + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null daemonjob_controller: hosts: default: daemonjob-controller @@ -112,5 +130,6 @@ manifests: crds_create: true job_image_repo_sync: true configmap_bin: true + secret_registry: true service: true ... diff --git a/elastic-apm-server/Chart.yaml b/elastic-apm-server/Chart.yaml index ea5ef5f1e..6ceffb9c6 100644 --- a/elastic-apm-server/Chart.yaml +++ b/elastic-apm-server/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v6.2.3 description: OpenStack-Helm Elastic APM Server name: elastic-apm-server -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/guide/en/apm/get-started/current/index.html sources: - https://github.com/elastic/apm-server diff --git a/elastic-apm-server/templates/secret-registry.yaml b/elastic-apm-server/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-apm-server/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-apm-server/values.yaml b/elastic-apm-server/values.yaml index 5b6781a44..afb87b4cc 100644 --- a/elastic-apm-server/values.yaml +++ b/elastic-apm-server/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: elastic-apm-server-elasticsearch-user + oci_image_registry: + elastic-apm-server: elastic-apm-server-oci-image-registry dependencies: dynamic: @@ -84,6 +86,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-apm-server: + username: elastic-apm-server + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -163,4 +180,5 @@ manifests: service: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-filebeat/Chart.yaml b/elastic-filebeat/Chart.yaml index c020d289d..9a6705530 100644 --- a/elastic-filebeat/Chart.yaml +++ b/elastic-filebeat/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Filebeat name: elastic-filebeat -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/products/beats/filebeat sources: - https://github.com/elastic/beats/tree/master/filebeat diff --git a/elastic-filebeat/templates/secret-registry.yaml b/elastic-filebeat/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-filebeat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-filebeat/values.yaml b/elastic-filebeat/values.yaml index 91991ec94..79b40ccff 100644 --- a/elastic-filebeat/values.yaml +++ b/elastic-filebeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: filebeat-elasticsearch-user + oci_image_registry: + elastic-filebeat: elastic-filebeat-oci-image-registry-key dependencies: dynamic: 
@@ -167,6 +169,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-filebeat: + username: elastic-filebeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -264,4 +281,5 @@ manifests: daemonset: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-metricbeat/Chart.yaml b/elastic-metricbeat/Chart.yaml index ef8a4e2ac..5b35a920d 100644 --- a/elastic-metricbeat/Chart.yaml +++ b/elastic-metricbeat/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Metricbeat name: elastic-metricbeat -version: 0.1.4 +version: 0.1.5 home: https://www.elastic.co/products/beats/metricbeat sources: - https://github.com/elastic/beats/tree/master/metricbeat diff --git a/elastic-metricbeat/templates/secret-registry.yaml b/elastic-metricbeat/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-metricbeat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/elastic-metricbeat/values.yaml b/elastic-metricbeat/values.yaml index 7797e0305..8447be5cc 100644 --- a/elastic-metricbeat/values.yaml +++ b/elastic-metricbeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: metricbeat-elasticsearch-user + oci_image_registry: + elastic-metricbeat: elastic-metricbeat-oci-image-registry-key dependencies: dynamic: @@ -163,6 +165,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-metricbeat: + username: elastic-metricbeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kube_state_metrics: namespace: null hosts: @@ -263,4 +280,5 @@ manifests: deployment: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-packetbeat/Chart.yaml b/elastic-packetbeat/Chart.yaml index 5df231ee7..92d042646 100644 --- a/elastic-packetbeat/Chart.yaml +++ b/elastic-packetbeat/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Packetbeat name: elastic-packetbeat -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/products/beats/packetbeat sources: - https://github.com/elastic/beats/tree/master/packetbeat diff --git a/elastic-packetbeat/templates/secret-registry.yaml b/elastic-packetbeat/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-packetbeat/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-packetbeat/values.yaml b/elastic-packetbeat/values.yaml index 5310141ee..98e152899 100644 --- a/elastic-packetbeat/values.yaml +++ b/elastic-packetbeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: packetbeat-elasticsearch-user + oci_image_registry: + elastic-packetbeat: elastic-packetbeat-oci-image-registry-key dependencies: dynamic: @@ -106,6 +108,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-packetbeat: + username: elastic-packetbeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -182,4 +199,5 @@ manifests: daemonset: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elasticsearch/Chart.yaml b/elasticsearch/Chart.yaml index d7f5363e9..5296914a9 100644 --- a/elasticsearch/Chart.yaml +++ b/elasticsearch/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.6.2 description: OpenStack-Helm ElasticSearch name: elasticsearch -version: 0.2.20 +version: 0.2.21 home: https://www.elastic.co/ sources: - https://github.com/elastic/elasticsearch diff --git a/elasticsearch/templates/secret-registry.yaml b/elasticsearch/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elasticsearch/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 92ec26cfa..5a9c5de2a 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -422,6 +422,8 @@ secrets: elasticsearch: elasticsearch-s3-user-creds elasticsearch: user: elasticsearch-user-secrets + oci_image_registry: + elasticsearch: elasticsearch-oci-image-registry-key tls: elasticsearch: elasticsearch: 
@@ -775,6 +777,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elasticsearch: + username: elasticsearch + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -960,6 +977,7 @@ manifests: service_exporter: true network_policy: false secret_ingress_tls: true + secret_registry: true service_data: true service_discovery: true service_ingress: true diff --git a/etcd/Chart.yaml b/etcd/Chart.yaml index 16768b9af..b819ecaea 100644 --- a/etcd/Chart.yaml +++ b/etcd/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.3 description: OpenStack-Helm etcd name: etcd -version: 0.1.4 +version: 0.1.5 home: https://coreos.com/etcd/ icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png sources: diff --git a/etcd/templates/secret-registry.yaml b/etcd/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/etcd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/etcd/values.yaml b/etcd/values.yaml index e2cef8455..efe8d61d1 100644 --- a/etcd/values.yaml +++ b/etcd/values.yaml @@ -92,6 +92,10 @@ pod: memory: "1024Mi" cpu: "2000m" +secrets: + oci_image_registry: + etcd: etcd-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -106,6 +110,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + etcd: + username: etcd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null etcd: name: etcd hosts: @@ -124,5 +143,6 @@ manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true ... diff --git a/falco/Chart.yaml b/falco/Chart.yaml index 0001c1a7f..d1c37a51c 100644 --- a/falco/Chart.yaml +++ b/falco/Chart.yaml @@ -13,7 +13,7 @@ --- apiVersion: v1 name: falco -version: 0.1.6 +version: 0.1.7 appVersion: 0.11.1 description: Sysdig Falco keywords: diff --git a/falco/templates/secret-registry.yaml b/falco/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/falco/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/falco/values.yaml b/falco/values.yaml index eac87006a..841a622b5 100644 --- a/falco/values.yaml +++ b/falco/values.yaml @@ -23,6 +23,27 @@ images: - dep_check - image_repo_sync +secrets: + oci_image_registry: + falco: falco-oci-image-registry-key + +endpoints: + cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + falco: + username: falco + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null pod: resources: @@ -1361,4 +1382,5 @@ manifests: configmap_etc: true configmap_custom_rules: false configmap_bin: true + secret_registry: true ... diff --git a/flannel/Chart.yaml b/flannel/Chart.yaml index 2d03c734f..520066c6d 100644 --- a/flannel/Chart.yaml +++ b/flannel/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.8.0 description: OpenStack-Helm BootStrap Flannel name: flannel -version: 0.1.3 +version: 0.1.4 home: https://github.com/coreos/flannel icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png sources: 
diff --git a/flannel/templates/secret-registry.yaml b/flannel/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/flannel/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/flannel/values.yaml b/flannel/values.yaml index e0fdc8107..698b2de6e 100644 --- a/flannel/values.yaml +++ b/flannel/values.yaml @@ -63,6 +63,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + flannel: flannel-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -77,10 +81,26 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + flannel: + username: flannel + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true configmap_kube_flannel_cfg: true daemonset_kube_flannel_ds: true job_image_repo_sync: true + secret_registry: true ... diff --git a/fluentbit/Chart.yaml b/fluentbit/Chart.yaml index 91590fb34..2bbe55b19 100644 --- a/fluentbit/Chart.yaml +++ b/fluentbit/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.14.2 description: OpenStack-Helm Fluentbit name: fluentbit -version: 0.1.3 +version: 0.1.4 home: https://www.fluentbit.io/ sources: - https://github.com/fluent/fluentbit diff --git a/fluentbit/templates/secret-registry.yaml b/fluentbit/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/fluentbit/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/fluentbit/values.yaml b/fluentbit/values.yaml index 51462b415..c6688b3ac 100644 --- a/fluentbit/values.yaml +++ b/fluentbit/values.yaml @@ -173,6 +173,10 @@ conf: Time_Keep true Time_Key time +secrets: + oci_image_registry: + fluentbit: fluentbit-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -187,6 +191,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + fluentbit: + username: fluentbit + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null fluentd: namespace: null name: fluentd 
@@ -254,4 +273,5 @@ manifests: configmap_etc: true daemonset_fluentbit: true job_image_repo_sync: true + secret_registry: true ... diff --git a/fluentd/Chart.yaml b/fluentd/Chart.yaml index ab174e63c..c37facb68 100644 --- a/fluentd/Chart.yaml +++ b/fluentd/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.10.1 description: OpenStack-Helm Fluentd name: fluentd -version: 0.1.7 +version: 0.1.8 home: https://www.fluentd.org/ sources: - https://github.com/fluent/fluentd diff --git a/fluentd/templates/secret-registry.yaml b/fluentd/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/fluentd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/fluentd/values.yaml b/fluentd/values.yaml index 0e8df63cc..93f557ad7 100644 --- a/fluentd/values.yaml +++ b/fluentd/values.yaml @@ -99,6 +99,11 @@ conf: user "#{ENV['ELASTICSEARCH_USERNAME']}" + +secrets: + oci_image_registry: + fluentd: fluentd-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -113,6 +118,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + fluentd: + username: fluentd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -255,5 +275,6 @@ manifests: secret_elasticsearch: true secret_fluentd_env: true secret_kafka: false + secret_registry: true service_fluentd: true ... diff --git a/grafana/Chart.yaml b/grafana/Chart.yaml index c77b51ac4..d60180fca 100644 --- a/grafana/Chart.yaml +++ b/grafana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.4.5 description: OpenStack-Helm Grafana name: grafana -version: 0.1.14 +version: 0.1.15 home: https://grafana.com/ sources: - https://github.com/grafana/grafana diff --git a/grafana/templates/secret-registry.yaml b/grafana/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/grafana/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/grafana/values.yaml b/grafana/values.yaml index 93f738f10..1093cae21 100644 --- a/grafana/values.yaml +++ b/grafana/values.yaml 
@@ -196,6 +196,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + grafana: + username: grafana + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_db: namespace: null auth: @@ -370,6 +385,8 @@ network_policy: - {} secrets: + oci_image_registry: + grafana: grafana-oci-image-registry-key oslo_db: admin: grafana-db-admin user: grafana-db-user @@ -403,6 +420,7 @@ manifests: secret_admin_creds: true secret_ingress_tls: true secret_prom_creds: true + secret_registry: true service: true service_ingress: true diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml index 3c36b200c..17df30831 100644 --- a/helm-toolkit/Chart.yaml +++ b/helm-toolkit/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Helm-Toolkit name: helm-toolkit -version: 0.2.43 +version: 0.2.44 home: https://docs.openstack.org/openstack-helm icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png sources: diff --git a/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl new file mode 100644 index 000000000..4854bb1ec --- /dev/null +++ b/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl 
@@ -0,0 +1,93 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Creates a manifest for a authenticating a registry with a secret +examples: + - values: | + secrets: + oci_image_registry: + {{ $serviceName }}: {{ $keyName }} + endpoints: + oci_image_registry: + name: oci-image-registry + auth: + enabled: true + {{ $serviceName }}: + name: {{ $userName }} + password: {{ $password }} + usage: | + {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} + return: | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $secretName }} + type: kubernetes.io/dockerconfigjson + data: + dockerconfigjson: {{ $dockerAuth }} + + - values: | + secrets: + oci_image_registry: + {{ $serviceName }}: {{ $keyName }} + endpoints: + oci_image_registry: + name: oci-image-registry + auth: + enabled: true + {{ $serviceName }}: + name: {{ $userName }} + password: {{ $password }} + usage: | + {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} + return: | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $secretName }} + type: kubernetes.io/dockerconfigjson + data: + dockerconfigjson: {{ $dockerAuth }} +*/}} + +{{- define "helm-toolkit.manifests.secret_registry" }} +{{- $envAll := index . "envAll" }} +{{- $registryUser := index . 
"registryUser" }} +{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser }} +{{- $registryHost := tuple "oci_image_registry" "internal" $envAll | include "helm-toolkit.endpoints.endpoint_host_lookup" }} +{{/* +We only use "host:port" when port is non-null, else just use "host" +*/}} +{{- $registryPort := "" }} +{{- $port := $envAll.Values.endpoints.oci_image_registry.port.registry.default }} +{{- if $port }} +{{- $port = tuple "oci_image_registry" "internal" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $registryPort = printf ":%s" $port }} +{{- end }} +{{- $imageCredentials := index $envAll.Values.endpoints.oci_image_registry.auth $registryUser }} +{{- $dockerAuthToken := printf "%s:%s" $imageCredentials.username $imageCredentials.password | b64enc }} +{{- $dockerAuth := printf "{\"auths\": {\"%s%s\": {\"auth\": \"%s\"}}}" $registryHost $registryPort $dockerAuthToken | b64enc }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ $dockerAuth }} +{{- end -}} diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl index 4cc898ddd..bc2045e5f 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl @@ -42,6 +42,12 @@ kind: ServiceAccount metadata: name: {{ $saName }} namespace: {{ $saNamespace }} +{{- if $envAll.Values.manifests.secret_registry }} +{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }} +imagePullSecrets: + - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }} +{{- end -}} +{{- end -}} {{- range $k, $v := $deps -}} {{- if eq $k "services" }} {{- range $serv := $v }} diff --git a/ingress/Chart.yaml b/ingress/Chart.yaml index 12c519a68..19a93a4a8 100644 
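Review bot: `helm-toolkit.manifests.secret_registry` never checks that the values it looks up exist: `$secretName`, `$imageCredentials.username` and `$imageCredentials.password` go straight into `name:` and the `printf "%s:%s"` auth token. A chart whose `secrets.oci_image_registry` map lacks the `registryUser` key would render a Secret with an empty or invalid name, and a null password would be formatted into the token by `printf` instead of stopping the render. Wrapping the lookups in `required`, e.g. `{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser | required "secrets.oci_image_registry entry missing for this chart" }}`, turns both into a clear install-time error. The header comment also disagrees with the code: its example uses `name:` where the template reads `.username`, shows `dockerconfigjson:` where the manifest emits `.dockerconfigjson`, and lists the same example twice.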
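Review bot: The `imagePullSecrets` entry added to `_kubernetes_pod_rbac_serviceaccount.tpl` is attached to a ServiceAccount created in `{{ $saNamespace }}`, but the Secret rendered by `helm-toolkit.manifests.secret_registry` has no `metadata.namespace` and so lands in the release namespace. Pull secrets are resolved in the pod's own namespace, so if `$saNamespace` can differ from the release namespace (its assignment is outside this hunk) image pulls would fail for those pods. Either render the Secret into the ServiceAccount's namespace, or state the assumption next to the new block, e.g. `{{/* the registry Secret must exist in the ServiceAccount's namespace */}}`. The same block is repeated in kube-dns/templates/serviceaccount-kube-dns.yaml later in this patch.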
--- a/ingress/Chart.yaml +++ b/ingress/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.42.0 description: OpenStack-Helm Ingress Controller name: ingress -version: 0.2.8 +version: 0.2.9 home: https://github.com/kubernetes/ingress sources: - https://github.com/kubernetes/ingress diff --git a/ingress/templates/secret-registry.yaml b/ingress/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ingress/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index e42d87833..519536ac7 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -204,6 +204,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ingress: + username: ingress + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ingress: hosts: default: ingress @@ -270,6 +285,8 @@ network_policy: - {} secrets: + oci_image_registry: + ingress: ingress-oci-image-registry-key tls: ingress: api: 
@@ -333,4 +350,5 @@ manifests: prometheus: service_exporter: true network_policy: false + secret_registry: true ... diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml index d2ef4f1e6..d71d8197c 100644 --- a/kibana/Chart.yaml +++ b/kibana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Kibana name: kibana -version: 0.1.10 +version: 0.1.11 home: https://www.elastic.co/products/kibana sources: - https://github.com/elastic/kibana diff --git a/kibana/templates/secret-registry.yaml b/kibana/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kibana/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index ac3d07c14..58c0b7936 100644 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -140,6 +140,8 @@ network_policy: secrets: elasticsearch: user: kibana-elasticsearch-user + oci_image_registry: + kibana: kibana-oci-image-registry-key tls: kibana: kibana: 
@@ -330,6 +332,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kibana: + username: kibana + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -421,6 +438,7 @@ manifests: network_policy: false secret_elasticsearch: true secret_ingress_tls: true + secret_registry: true service: true service_ingress: true job_register_kibana_indexes: true diff --git a/kube-dns/Chart.yaml b/kube-dns/Chart.yaml index b6e6f6472..d38d877b4 100644 --- a/kube-dns/Chart.yaml +++ b/kube-dns/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.14.5 description: OpenStack-Helm Kube-DNS name: kube-dns -version: 0.1.4 +version: 0.1.5 home: https://github.com/coreos/flannel icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png sources: diff --git a/kube-dns/templates/secret-registry.yaml b/kube-dns/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kube-dns/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/kube-dns/templates/serviceaccount-kube-dns.yaml b/kube-dns/templates/serviceaccount-kube-dns.yaml index c4cdf505c..6c10146aa 100644 --- a/kube-dns/templates/serviceaccount-kube-dns.yaml +++ b/kube-dns/templates/serviceaccount-kube-dns.yaml @@ -22,4 +22,10 @@ metadata: labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile +{{- if $envAll.Values.manifests.secret_registry }} +{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }} +imagePullSecrets: + - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }} +{{- end -}} +{{- end -}} {{- end }} diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index a90ad936e..5608ef1e1 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml @@ -66,6 +66,10 @@ dependencies: kube_dns: services: null +secrets: + oci_image_registry: + kube-dns: kube-dns-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -80,12 +84,28 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kube-dns: + username: kube-dns + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true configmap_kube_dns: true deployment_kube_dns: true job_image_repo_sync: true + secret_registry: true service_kube_dns: true serviceaccount_kube_dns: true ... diff --git a/kubernetes-keystone-webhook/Chart.yaml b/kubernetes-keystone-webhook/Chart.yaml index 0131bf7ae..eb5d7a81b 100644 --- a/kubernetes-keystone-webhook/Chart.yaml +++ b/kubernetes-keystone-webhook/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.2.0 description: OpenStack-Helm Kubernetes keystone webhook name: kubernetes-keystone-webhook -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/cloud-provider-openstack sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/kubernetes-keystone-webhook/templates/secret-registry.yaml b/kubernetes-keystone-webhook/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kubernetes-keystone-webhook/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kubernetes-keystone-webhook/values.yaml b/kubernetes-keystone-webhook/values.yaml index dad4e929b..a1374caf6 100644 --- a/kubernetes-keystone-webhook/values.yaml +++ b/kubernetes-keystone-webhook/values.yaml 
@@ -478,9 +478,26 @@ secrets: admin: kubernetes-keystone-webhook-admin certificates: api: kubernetes-keystone-webhook-certs + oci_image_registry: + kubernetes-keystone-webhook: kubernetes-keystone-webhook-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kubernetes-keystone-webhook: + username: kubernetes-keystone-webhook + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kubernetes: auth: api: @@ -552,6 +569,7 @@ manifests: pod_test: true secret_certificates: true secret_keystone: true + secret_registry: true service_ingress_api: true service: true ... diff --git a/kubernetes-node-problem-detector/Chart.yaml b/kubernetes-node-problem-detector/Chart.yaml index b1d3f5b61..c9b1b6f8f 100644 --- a/kubernetes-node-problem-detector/Chart.yaml +++ b/kubernetes-node-problem-detector/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Kubernetes Node Problem Detector name: kubernetes-node-problem-detector -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/node-problem-detector sources: - https://github.com/kubernetes/node-problem-detector diff --git a/kubernetes-node-problem-detector/templates/secret-registry.yaml b/kubernetes-node-problem-detector/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kubernetes-node-problem-detector/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kubernetes-node-problem-detector/values.yaml b/kubernetes-node-problem-detector/values.yaml index 516ca1cc4..5c3c61770 100644 --- a/kubernetes-node-problem-detector/values.yaml +++ b/kubernetes-node-problem-detector/values.yaml @@ -35,6 +35,10 @@ labels: node_selector_key: openstack-control-plane node_selector_value: enabled +secrets: + oci_image_registry: + kubernetes-node-problem-detector: kubernetes-node-problem-detector-oci-image-registry-key + pod: security_context: node_problem_detector: @@ -135,6 +139,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kubernetes-node-problem-detector: + username: kubernetes-node-problem-detector + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null node_problem_detector: name: node-problem-detector namespace: null @@ -153,6 +172,7 @@ manifests: configmap_etc: true daemonset: true job_image_repo_sync: true + secret_registry: true service: false conf: diff --git a/ldap/Chart.yaml b/ldap/Chart.yaml index 5fffb7ccd..70d2073ec 100644 --- a/ldap/Chart.yaml +++ b/ldap/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.2.0 description: OpenStack-Helm LDAP name: ldap -version: 0.1.3 +version: 0.1.4 home: https://www.openldap.org/ maintainers: - name: OpenStack-Helm Authors diff --git a/ldap/templates/secret-registry.yaml b/ldap/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ldap/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ldap/values.yaml b/ldap/values.yaml index 45b7a609b..3e3544b2d 100644 --- a/ldap/values.yaml +++ b/ldap/values.yaml @@ -137,6 +137,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ldap: + username: ldap + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ldap: hosts: default: ldap @@ -230,6 +245,8 @@ secrets: identity: admin: admin ldap: ldap + oci_image_registry: + ldap: ldap-oci-image-registry-key openldap: domain: cluster.local @@ -241,6 +258,7 @@ manifests: job_bootstrap: true job_image_repo_sync: true network_policy: false + secret_registry: true statefulset: true service: true ... 
diff --git a/libvirt/Chart.yaml b/libvirt/Chart.yaml index 462c56afb..d17726e69 100644 --- a/libvirt/Chart.yaml +++ b/libvirt/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm libvirt name: libvirt -version: 0.1.12 +version: 0.1.13 home: https://libvirt.org sources: - https://libvirt.org/git/?p=libvirt.git;a=summary diff --git a/libvirt/templates/secret-registry.yaml b/libvirt/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/libvirt/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/libvirt/values.yaml b/libvirt/values.yaml index 53ea05a0b..1264fd614 100644 --- a/libvirt/values.yaml +++ b/libvirt/values.yaml @@ -58,6 +58,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + libvirt: + username: libvirt + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null libvirt_exporter: port: metrics: 
@@ -237,8 +252,11 @@ manifests: daemonset_libvirt: true job_image_repo_sync: true network_policy: false + secret_registry: true secrets: + oci_image_registry: + libvirt: libvirt-oci-image-registry-key tls: server: libvirt-tls-server client: libvirt-tls-client diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml index de965d53c..5e1f6e362 100644 --- a/mariadb/Chart.yaml +++ b/mariadb/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v10.2.31 description: OpenStack-Helm MariaDB name: mariadb -version: 0.2.25 +version: 0.2.26 home: https://mariadb.com/kb/en/ icon: http://badges.mariadb.org/mariadb-badge-180x60.png sources: diff --git a/mariadb/templates/secret-registry.yaml b/mariadb/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/mariadb/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/mariadb/values.yaml b/mariadb/values.yaml index 6664b1d32..b2393eb3d 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -496,6 +496,8 @@ secrets: mariadb: mariadb-backup-user mariadb: backup_restore: mariadb-backup-restore + oci_image_registry: + mariadb: mariadb-oci-image-registry-key tls: oslo_db: server: 
@@ -519,6 +521,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + mariadb: + username: mariadb + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -677,6 +694,7 @@ manifests: secret_dbaudit_password: true secret_backup_restore: false secret_etc: true + secret_registry: true service_discovery: true service_ingress: true service_error: true diff --git a/memcached/Chart.yaml b/memcached/Chart.yaml index c2cdd32dc..7c7d652d7 100644 --- a/memcached/Chart.yaml +++ b/memcached/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.5.5 description: OpenStack-Helm Memcached name: memcached -version: 0.1.11 +version: 0.1.12 home: https://github.com/memcached/memcached ... diff --git a/memcached/templates/secret-registry.yaml b/memcached/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/memcached/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/memcached/values.yaml b/memcached/values.yaml index f03a69014..b9e633938 100644 
--- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -42,6 +42,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + memcached: memcached-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -56,6 +60,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + memcached: + username: memcached + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_cache: namespace: null host_fqdn_override: @@ -121,6 +140,7 @@ manifests: job_image_repo_sync: true network_policy: false service: true + secret_registry: true pod: security_context: diff --git a/metacontroller/Chart.yaml b/metacontroller/Chart.yaml index 26456fc82..d44f9b942 100644 --- a/metacontroller/Chart.yaml +++ b/metacontroller/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.4.2 description: A Helm chart for Metacontroller name: metacontroller -version: 0.1.5 +version: 0.1.6 home: https://metacontroller.app/ keywords: - CRDs diff --git a/metacontroller/templates/secret-registry.yaml b/metacontroller/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/metacontroller/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/metacontroller/values.yaml b/metacontroller/values.yaml index 4a6210a40..4fdc35a79 100644 --- a/metacontroller/values.yaml +++ b/metacontroller/values.yaml @@ -81,6 +81,10 @@ pod: readOnlyRootFilesystem: true allowPrivilegeEscalation: false +secrets: + oci_image_registry: + metacontroller: metacontroller-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -95,6 +99,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + metacontroller: + username: metacontroller + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null metacontroller: hosts: default: metacontroller @@ -105,6 +124,7 @@ endpoints: default: 8083 manifests: + secret_registry: true service: true statefulset: true job_image_repo_sync: true diff --git a/mongodb/Chart.yaml b/mongodb/Chart.yaml index 348eae41a..d7fe37525 100644 --- a/mongodb/Chart.yaml +++ b/mongodb/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.9 description: OpenStack-Helm MongoDB name: mongodb -version: 0.1.3 +version: 0.1.4 home: https://www.mongodb.com sources: - https://github.com/mongodb/mongo diff --git a/mongodb/templates/secret-registry.yaml b/mongodb/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/mongodb/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/mongodb/values.yaml b/mongodb/values.yaml index 596512345..90167a0d8 100644 --- a/mongodb/values.yaml +++ b/mongodb/values.yaml @@ -74,6 +74,10 @@ labels: node_selector_key: openstack-control-plane node_selector_value: enabled +secrets: + oci_image_registry: + mongodb: mongodb-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -88,6 +92,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + mongodb: + username: mongodb + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null mongodb: auth: admin: 
@@ -124,6 +143,7 @@ manifests: configmap_bin: true job_image_repo_sync: true secret_db_root_creds: true + secret_registry: true service: true statefulset: true ... diff --git a/nagios/Chart.yaml b/nagios/Chart.yaml index 29bbea242..e45335cec 100644 --- a/nagios/Chart.yaml +++ b/nagios/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nagios name: nagios -version: 0.1.5 +version: 0.1.6 home: https://www.nagios.org sources: - https://opendev.org/openstack/openstack-helm-addons diff --git a/nagios/templates/secret-registry.yaml b/nagios/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/nagios/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/nagios/values.yaml b/nagios/values.yaml index 11632938e..6c66e12bc 100644 --- a/nagios/values.yaml +++ b/nagios/values.yaml @@ -63,6 +63,8 @@ dependencies: secrets: nagios: admin: nagios-admin-creds + oci_image_registry: + nagios: nagios-oci-image-registry-key tls: nagios: nagios: 
@@ -82,6 +84,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + nagios: + username: nagios + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus auth: @@ -295,6 +312,7 @@ manifests: pod_helm_test: true secret_nagios: true secret_ingress_tls: true + secret_registry: true service: true service_ingress: true diff --git a/nfs-provisioner/Chart.yaml b/nfs-provisioner/Chart.yaml index c848add71..0a309408b 100644 --- a/nfs-provisioner/Chart.yaml +++ b/nfs-provisioner/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.2.1 description: OpenStack-Helm NFS name: nfs-provisioner -version: 0.1.3 +version: 0.1.4 home: https://github.com/kubernetes-incubator/external-storage sources: - https://github.com/kubernetes-incubator/external-storage diff --git a/nfs-provisioner/templates/secret-registry.yaml b/nfs-provisioner/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/nfs-provisioner/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/nfs-provisioner/values.yaml b/nfs-provisioner/values.yaml index ad3e7538b..4d929e6e1 100644 --- a/nfs-provisioner/values.yaml +++ b/nfs-provisioner/values.yaml @@ -102,6 +102,10 @@ dependencies: nfs: services: null +secrets: + oci_image_registry: + nfs-provisioner: nfs-provisioner-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -116,6 +120,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + nfs-provisioner: + username: nfs-provisioner + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null nfs: hosts: default: nfs-provisioner @@ -131,6 +150,7 @@ manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true storage_class: true volume_claim: true diff --git a/openvswitch/Chart.yaml b/openvswitch/Chart.yaml index 653c49ca0..10f3fe016 100644 --- a/openvswitch/Chart.yaml +++ b/openvswitch/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm OpenVSwitch name: openvswitch -version: 0.1.7 +version: 0.1.8 home: http://openvswitch.org icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/openvswitch/templates/secret-registry.yaml b/openvswitch/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/openvswitch/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml index c953a8990..5cbb30d43 100644 --- a/openvswitch/values.yaml +++ b/openvswitch/values.yaml @@ -148,6 +148,10 @@ pod: nova: uid: 42424 +secrets: + oci_image_registry: + openvswitch: openvswitch-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -162,6 +166,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + openvswitch: + username: openvswitch + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null network_policy: openvswitch: @@ -198,6 +217,7 @@ manifests: daemonset_ovs_vswitchd: true job_image_repo_sync: true network_policy: false + secret_registry: true conf: openvswitch_db_server: diff --git a/postgresql/Chart.yaml b/postgresql/Chart.yaml index b71bd310d..206ce9641 100644 --- a/postgresql/Chart.yaml +++ b/postgresql/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v9.6 description: OpenStack-Helm PostgreSQL name: postgresql -version: 0.1.15 +version: 0.1.16 home: https://www.postgresql.org sources: - https://github.com/postgres/postgres diff --git a/postgresql/templates/secret-registry.yaml b/postgresql/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/postgresql/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/postgresql/values.yaml b/postgresql/values.yaml index 2e6d4bda6..1df9275ca 100644 --- a/postgresql/values.yaml +++ b/postgresql/values.yaml @@ -340,6 +340,8 @@ conf: description: "Time at which postmaster started" secrets: + oci_image_registry: + postgresql: postgresql-oci-image-registry-key postgresql: admin: postgresql-admin exporter: postgresql-exporter @@ -366,6 +368,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + postresql: + username: postresql + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null postgresql: auth: admin: 
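Review bot: The credentials block under `endpoints.oci_image_registry.auth` in postgresql/values.yaml is keyed `postresql` with `username: postresql`, while `secrets.oci_image_registry` in the same file uses `postgresql` and secret-registry.yaml passes `.Chart.Name` as `registryUser`. If helm-toolkit looks the credentials up by that name (its template is not shown in this part of the patch), enabling auth for this chart would find no entry. The two lines should read `postgresql:` and `username: postgresql`.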
@@ -459,6 +476,7 @@ manifests: secret_etc: true secret_audit: true secret_backup_restore: false + secret_registry: true service: true statefulset: true cron_job_postgresql_backup: false diff --git a/powerdns/Chart.yaml b/powerdns/Chart.yaml index 2d3d02b21..16e908c2b 100644 --- a/powerdns/Chart.yaml +++ b/powerdns/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v4.1.10 description: OpenStack-Helm PowerDNS name: powerdns -version: 0.1.5 +version: 0.1.6 home: https://www.powerdns.com/ maintainers: - name: OpenStack-Helm Authors diff --git a/powerdns/templates/secret-registry.yaml b/powerdns/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/powerdns/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/powerdns/values.yaml b/powerdns/values.yaml index 1961c6c78..91a4cde70 100644 --- a/powerdns/values.yaml +++ b/powerdns/values.yaml 
@@ -135,6 +135,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + powerdns: + username: powerdns + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null powerdns: auth: service: @@ -170,6 +185,8 @@ endpoints: default: 3306 secrets: + oci_image_registry: + powerdns: powerdns-oci-image-registry-key oslo_db: admin: powerdns-db-admin powerdns: powerdns-db-user @@ -199,6 +216,7 @@ manifests: job_db_init: true job_db_sync: true secret_db: true + secret_registry: true service_dns: true service_api: false ... diff --git a/prometheus-alertmanager/Chart.yaml b/prometheus-alertmanager/Chart.yaml index 162cd8286..c197e4752 100644 --- a/prometheus-alertmanager/Chart.yaml +++ b/prometheus-alertmanager/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.20.0 description: OpenStack-Helm Alertmanager for Prometheus name: prometheus-alertmanager -version: 0.1.8 +version: 0.1.9 home: https://prometheus.io/docs/alerting/alertmanager/ sources: - https://github.com/prometheus/alertmanager diff --git a/prometheus-alertmanager/templates/secret-registry.yaml b/prometheus-alertmanager/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-alertmanager/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-alertmanager/values.yaml b/prometheus-alertmanager/values.yaml index 1a005e340..045042257 100644 --- a/prometheus-alertmanager/values.yaml +++ b/prometheus-alertmanager/values.yaml @@ -114,6 +114,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-alertmanager: + username: prometheus-alertmanager + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null alertmanager: name: prometheus-alertmanager namespace: null @@ -194,6 +209,8 @@ network: port: 30903 secrets: + oci_image_registry: + prometheus-alertmanager: prometheus-alertmanager-oci-image-registry-key tls: alertmanager: alertmanager: @@ -217,6 +234,7 @@ manifests: network_policy: false secret_admin_user: true secret_ingress_tls: true + secret_registry: true service: true service_discovery: true service_ingress: true diff --git a/prometheus-blackbox-exporter/Chart.yaml b/prometheus-blackbox-exporter/Chart.yaml index 5acdd512c..afd7f7c53 100644 --- a/prometheus-blackbox-exporter/Chart.yaml +++ b/prometheus-blackbox-exporter/Chart.yaml 
@@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v0.16.0 description: OpenStack-Helm blackbox exporter for Prometheus name: prometheus-blackbox-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/prometheus/blackbox_exporter sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/prometheus-blackbox-exporter/templates/secret-registry.yaml b/prometheus-blackbox-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-blackbox-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-blackbox-exporter/values.yaml b/prometheus-blackbox-exporter/values.yaml index 627aa4c10..80eb75dd2 100644 --- a/prometheus-blackbox-exporter/values.yaml +++ b/prometheus-blackbox-exporter/values.yaml 
@@ -30,8 +30,27 @@ service: annotations: {} port: 9115 +secrets: + oci_image_registry: + prometheus-blackbox-exporter: prometheus-blackbox-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-blackbox-exporter: + username: prometheus-blackbox-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null prometheus_blackbox_exporter: namespace: null hosts: @@ -118,4 +137,7 @@ config: valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] no_follow_redirects: false preferred_ip_protocol: "ip4" + +manifests: + secret_registry: true ... diff --git a/prometheus-kube-state-metrics/Chart.yaml b/prometheus-kube-state-metrics/Chart.yaml index f5c035392..f61ec5e20 100644 --- a/prometheus-kube-state-metrics/Chart.yaml +++ b/prometheus-kube-state-metrics/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.3.1 description: OpenStack-Helm Kube-State-Metrics for Prometheus name: prometheus-kube-state-metrics -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics diff --git a/prometheus-kube-state-metrics/templates/secret-registry.yaml b/prometheus-kube-state-metrics/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-kube-state-metrics/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-kube-state-metrics/values.yaml b/prometheus-kube-state-metrics/values.yaml index 283062f64..1e7d437e2 100644 --- a/prometheus-kube-state-metrics/values.yaml +++ b/prometheus-kube-state-metrics/values.yaml @@ -113,6 +113,10 @@ dependencies: kube_state_metrics: services: null +secrets: + oci_image_registry: + prometheus-kube-state-metrics: prometheus-kube-state-metrics-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -127,6 +131,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-kube-state-metrics: + username: prometheus-kube-state-metrics + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kube_state_metrics: namespace: null hosts: @@ -179,6 +198,7 @@ manifests: deployment: true job_image_repo_sync: true network_policy: false + secret_registry: true service_kube_state_metrics: true service_controller_manager: true service_scheduler: true 
diff --git a/prometheus-node-exporter/Chart.yaml b/prometheus-node-exporter/Chart.yaml index fee63ead2..d6ffa6ecb 100644 --- a/prometheus-node-exporter/Chart.yaml +++ b/prometheus-node-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.18.1 description: OpenStack-Helm Node Exporter for Prometheus name: prometheus-node-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/prometheus/node_exporter sources: - https://github.com/prometheus/node_exporter diff --git a/prometheus-node-exporter/templates/secret-registry.yaml b/prometheus-node-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-node-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-node-exporter/values.yaml b/prometheus-node-exporter/values.yaml index b4fe17b1f..f1c45d6d2 100644 --- a/prometheus-node-exporter/values.yaml +++ b/prometheus-node-exporter/values.yaml @@ -113,6 +113,10 @@ monitoring: node_exporter: scrape: true +secrets: + oci_image_registry: + prometheus-node-exporter: prometheus-node-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -127,6 +131,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-node-exporter: + username: prometheus-node-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null node_metrics: namespace: null hosts: @@ -145,6 +164,7 @@ manifests: configmap_bin: true daemonset: true job_image_repo_sync: true + secret_registry: true service: true conf: diff --git a/prometheus-openstack-exporter/Chart.yaml b/prometheus-openstack-exporter/Chart.yaml index 8efd749af..384ec1a6a 100644 --- a/prometheus-openstack-exporter/Chart.yaml +++ b/prometheus-openstack-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack Metrics Exporter for Prometheus name: prometheus-openstack-exporter -version: 0.1.6 +version: 0.1.7 home: https://github.com/openstack/openstack-helm-infra sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/prometheus-openstack-exporter/templates/secret-registry.yaml b/prometheus-openstack-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-openstack-exporter/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index bcb97421a..c5316a562 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -134,6 +134,8 @@ secrets: identity: admin: prometheus-openstack-exporter-keystone-admin user: prometheus-openstack-exporter-keystone-user + oci_image_registry: + prometheus-openstack-exporter: prometheus-openstack-exporter-oci-image-registry-key tls: identity: api: @@ -157,6 +159,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-openstack-exporter: + username: prometheus-openstack-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null prometheus_openstack_exporter: namespace: null hosts: @@ -227,5 +244,6 @@ manifests: job_ks_user: true network_policy: false secret_keystone: true + secret_registry: true service: true ... diff --git a/prometheus-process-exporter/Chart.yaml b/prometheus-process-exporter/Chart.yaml index 1c1b43ebd..8b1c76f81 100644 
--- a/prometheus-process-exporter/Chart.yaml +++ b/prometheus-process-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.2.11 description: OpenStack-Helm Process Exporter for Prometheus name: prometheus-process-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/openstack/openstack-helm-infra sources: - https://github.com/ncabatoff/process-exporter diff --git a/prometheus-process-exporter/templates/secret-registry.yaml b/prometheus-process-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-process-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-process-exporter/values.yaml b/prometheus-process-exporter/values.yaml index a5837c529..5cb99be03 100644 --- a/prometheus-process-exporter/values.yaml +++ b/prometheus-process-exporter/values.yaml @@ -115,6 +115,10 @@ monitoring: process_exporter: scrape: true +secrets: + oci_image_registry: + prometheus-process-exporter: prometheus-process-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -129,6 +133,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-process-exporter: + username: prometheus-process-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null process_exporter_metrics: namespace: null hosts: @@ -154,6 +173,7 @@ manifests: configmap_bin: true daemonset: true job_image_repo_sync: true + secret_registry: true service: true conf: diff --git a/prometheus/Chart.yaml b/prometheus/Chart.yaml index d7f49ad8e..3413aeee7 100644 --- a/prometheus/Chart.yaml +++ b/prometheus/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.25.0 description: OpenStack-Helm Prometheus name: prometheus -version: 0.1.12 +version: 0.1.13 home: https://prometheus.io/ sources: - https://github.com/prometheus/prometheus diff --git a/prometheus/templates/secret-registry.yaml b/prometheus/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/prometheus/values.yaml b/prometheus/values.yaml index 142e75884..5872f1739 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -137,6 +137,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus: + username: prometheus + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -257,6 +272,8 @@ network_policy: - {} secrets: + oci_image_registry: + prometheus: prometheus-oci-image-registry-key tls: monitoring: prometheus: @@ -302,6 +319,7 @@ manifests: network_policy: true secret_ingress_tls: true secret_prometheus: true + secret_registry: true service_ingress: true service: true statefulset_prometheus: true diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml index b6b99f135..1af35a358 100644 --- a/rabbitmq/Chart.yaml +++ b/rabbitmq/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v3.9.0 description: OpenStack-Helm RabbitMQ name: rabbitmq -version: 0.1.23 +version: 0.1.24 home: https://github.com/rabbitmq/rabbitmq-server ... diff --git a/rabbitmq/templates/secret-registry.yaml b/rabbitmq/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/rabbitmq/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 569b2834e..23b1266f1 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml @@ -269,6 +269,8 @@ network: nginx.ingress.kubernetes.io/rewrite-target: / secrets: + oci_image_registry: + rabbitmq: rabbitmq-oci-image-registry-key tls: oslo_messaging: server: @@ -291,6 +293,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + rabbitmq: + username: rabbitmq + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -406,6 +423,7 @@ manifests: pod_test: true secret_admin_user: true secret_erlang_cookie: true + secret_registry: true service_discovery: true service_ingress_management: true service: true diff --git a/redis/Chart.yaml b/redis/Chart.yaml index 589e52ab4..8f13833a6 100644 --- a/redis/Chart.yaml +++ b/redis/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v4.0.1 description: OpenStack-Helm Redis name: redis -version: 0.1.3 +version: 0.1.4 home: https://github.com/redis/redis ... 
diff --git a/redis/templates/secret-registry.yaml b/redis/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/redis/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/redis/values.yaml b/redis/values.yaml index 648a67014..03b13b04c 100644 --- a/redis/values.yaml +++ b/redis/values.yaml @@ -104,6 +104,10 @@ dependencies: redis: services: null +secrets: + oci_image_registry: + redis: redis-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -118,11 +122,27 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + redis: + username: redis + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true helm_tests: true ... diff --git a/registry/Chart.yaml b/registry/Chart.yaml index ed6d87998..d94c2b20e 100644 --- a/registry/Chart.yaml +++ b/registry/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.0.0 description: OpenStack-Helm Docker Registry name: registry -version: 0.1.5 +version: 0.1.6 home: https://github.com/kubernetes/ingress sources: - https://opendev.org/openstack/openstack-helm diff --git a/registry/templates/secret-registry.yaml b/registry/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/registry/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/registry/values.yaml b/registry/values.yaml index 4dfd7380c..c2f23244d 100644 --- a/registry/values.yaml +++ b/registry/values.yaml @@ -163,6 +163,10 @@ dependencies: - endpoint: internal service: docker_registry +secrets: + oci_image_registry: + registry: registry-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -177,6 +181,21 @@ endpoints: port: registry: default: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + registry: + username: registry + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null docker_registry: name: docker-registry namespace: docker-registry 
@@ -207,5 +226,6 @@ manifests: job_bootstrap: true job_image_repo_sync: true pvc_images: true + secret_registry: true service_registry: true ... diff --git a/releasenotes/notes/calico.yaml b/releasenotes/notes/calico.yaml index f27ff2c32..de4bcda5e 100644 --- a/releasenotes/notes/calico.yaml +++ b/releasenotes/notes/calico.yaml @@ -5,4 +5,5 @@ calico: - 0.1.2 Use full image ref for docker official images - 0.1.3 Helm 3 - Fix Job labels - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-client.yaml b/releasenotes/notes/ceph-client.yaml index 14cea7144..a504d8cc3 100644 --- a/releasenotes/notes/ceph-client.yaml +++ b/releasenotes/notes/ceph-client.yaml @@ -37,4 +37,5 @@ ceph-client: - 0.1.34 Migrated CronJob resource to batch/v1 API version - 0.1.35 Handle multiple mon versions in the pool job - 0.1.36 Add the ability to run Ceph commands from values + - 0.1.37 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-mon.yaml b/releasenotes/notes/ceph-mon.yaml index 1a3668960..124d5c7c1 100644 --- a/releasenotes/notes/ceph-mon.yaml +++ b/releasenotes/notes/ceph-mon.yaml @@ -26,4 +26,5 @@ ceph-mon: - 0.1.23 Release-specific ceph-template configmap name - 0.1.24 Prevents mgr SA from repeated creation - 0.1.25 Allow for unconditional mon restart + - 0.1.26 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-osd.yaml b/releasenotes/notes/ceph-osd.yaml index 913a16d4f..040531f48 100644 --- a/releasenotes/notes/ceph-osd.yaml +++ b/releasenotes/notes/ceph-osd.yaml @@ -42,4 +42,5 @@ ceph-osd: - 0.1.39 Allow for unconditional OSD restart - 0.1.40 Remove udev interactions from osd-init - 0.1.41 Remove ceph-mon dependency in ceph-osd liveness probe + - 0.1.42 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-provisioners.yaml b/releasenotes/notes/ceph-provisioners.yaml index fec0417c3..5ce296dbd 100644 
--- a/releasenotes/notes/ceph-provisioners.yaml +++ b/releasenotes/notes/ceph-provisioners.yaml @@ -20,4 +20,5 @@ ceph-provisioners: - 0.1.18 Update CSI images & fix ceph csi provisioner RBAC - 0.1.19 Add pods watch and list permissions to cluster role - 0.1.20 Add missing CRDs for volume snapshots (classes, contents) + - 0.1.21 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-rgw.yaml b/releasenotes/notes/ceph-rgw.yaml index 5ce097a92..8d953344b 100644 --- a/releasenotes/notes/ceph-rgw.yaml +++ b/releasenotes/notes/ceph-rgw.yaml @@ -23,4 +23,5 @@ ceph-rgw: - 0.1.20 Enable taint toleration for Openstack services jobs - 0.1.21 Correct mon discovery for multiple RGWs in different NS - 0.1.22 Update default image values + - 0.1.23 Added OCI registry authentication ... diff --git a/releasenotes/notes/cert-rotation.yaml b/releasenotes/notes/cert-rotation.yaml index 571020252..8ada06b25 100644 --- a/releasenotes/notes/cert-rotation.yaml +++ b/releasenotes/notes/cert-rotation.yaml @@ -6,4 +6,5 @@ cert-rotation: - 0.1.3 Update htk requirements - 0.1.4 Consider initContainers when restarting resources - 0.1.5 Migrated CronJob resource to batch/v1 API version + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/daemonjob-controller.yaml b/releasenotes/notes/daemonjob-controller.yaml index c953f47f7..5098de099 100644 --- a/releasenotes/notes/daemonjob-controller.yaml +++ b/releasenotes/notes/daemonjob-controller.yaml @@ -6,4 +6,5 @@ daemonjob-controller: - 0.1.3 Update to container image repo k8s.gcr.io - 0.1.4 Use full image ref for docker official images - 0.1.5 Update htk requirements + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-apm-server.yaml b/releasenotes/notes/elastic-apm-server.yaml index efe91b82e..c58f5ad91 100644 --- a/releasenotes/notes/elastic-apm-server.yaml +++ b/releasenotes/notes/elastic-apm-server.yaml 
@@ -4,4 +4,5 @@ elastic-apm-server: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-filebeat.yaml b/releasenotes/notes/elastic-filebeat.yaml index fe6f78847..19e752451 100644 --- a/releasenotes/notes/elastic-filebeat.yaml +++ b/releasenotes/notes/elastic-filebeat.yaml @@ -4,4 +4,5 @@ elastic-filebeat: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-metricbeat.yaml b/releasenotes/notes/elastic-metricbeat.yaml index f6ed94f3f..1da5441a3 100644 --- a/releasenotes/notes/elastic-metricbeat.yaml +++ b/releasenotes/notes/elastic-metricbeat.yaml @@ -5,4 +5,5 @@ elastic-metricbeat: - 0.1.2 Update RBAC apiVersion from /v1beta1 to /v1 - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-packetbeat.yaml b/releasenotes/notes/elastic-packetbeat.yaml index 79f199a00..b40d4188f 100644 --- a/releasenotes/notes/elastic-packetbeat.yaml +++ b/releasenotes/notes/elastic-packetbeat.yaml @@ -4,4 +4,5 @@ elastic-packetbeat: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elasticsearch.yaml b/releasenotes/notes/elasticsearch.yaml index 0675888b4..1c6aa4ee5 100644 --- a/releasenotes/notes/elasticsearch.yaml +++ b/releasenotes/notes/elasticsearch.yaml 
@@ -30,4 +30,5 @@ elasticsearch: - 0.2.18 Update default image value to Wallaby - 0.2.19 Migrated CronJob resource to batch/v1 API version - 0.2.20 Set default python for helm test + - 0.2.21 Added OCI registry authentication ... diff --git a/releasenotes/notes/etcd.yaml b/releasenotes/notes/etcd.yaml index a6c749304..54935db4b 100644 --- a/releasenotes/notes/etcd.yaml +++ b/releasenotes/notes/etcd.yaml @@ -5,4 +5,5 @@ etcd: - 0.1.2 Update to container image repo k8s.gcr.io - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/falco.yaml b/releasenotes/notes/falco.yaml index a91458e71..db46fc28c 100644 --- a/releasenotes/notes/falco.yaml +++ b/releasenotes/notes/falco.yaml @@ -7,4 +7,5 @@ falco: - 0.1.4 Remove kafka residue - 0.1.5 Use full image ref for docker official images - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/flannel.yaml b/releasenotes/notes/flannel.yaml index f3b021310..a1279453a 100644 --- a/releasenotes/notes/flannel.yaml +++ b/releasenotes/notes/flannel.yaml @@ -4,4 +4,5 @@ flannel: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/fluentbit.yaml b/releasenotes/notes/fluentbit.yaml index ecdcc0e5d..3832669df 100644 --- a/releasenotes/notes/fluentbit.yaml +++ b/releasenotes/notes/fluentbit.yaml @@ -4,4 +4,5 @@ fluentbit: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/fluentd.yaml b/releasenotes/notes/fluentd.yaml index 7a3b877be..b0c5e088d 100644 --- a/releasenotes/notes/fluentd.yaml +++ b/releasenotes/notes/fluentd.yaml 
@@ -8,4 +8,5 @@ fluentd: - 0.1.5 Kafka brokers defined as a list with port "kafka1:9092,kafka2:9020,kafka3:9092" - 0.1.6 Update htk requirements - 0.1.7 Update default image values to Wallaby + - 0.1.8 Added OCI registry authentication ... diff --git a/releasenotes/notes/grafana.yaml b/releasenotes/notes/grafana.yaml index 6e0205323..20c41cfbd 100644 --- a/releasenotes/notes/grafana.yaml +++ b/releasenotes/notes/grafana.yaml @@ -15,4 +15,5 @@ grafana: - 0.1.12 Add iDRAC dashboard to Grafana - 0.1.13 Update prometheus metric name - 0.1.14 Add run migrator job + - 0.1.15 Added OCI registry authentication ... diff --git a/releasenotes/notes/helm-toolkit.yaml b/releasenotes/notes/helm-toolkit.yaml index f592c6011..b0b828442 100644 --- a/releasenotes/notes/helm-toolkit.yaml +++ b/releasenotes/notes/helm-toolkit.yaml @@ -50,4 +50,5 @@ helm-toolkit: - 0.2.41 Database B/R - archive name parser added - 0.2.42 Database B/R - fix to make script compliant with a retention policy - 0.2.43 Support having a single external ingress controller + - 0.2.44 Added OCI registry authentication ... diff --git a/releasenotes/notes/ingress.yaml b/releasenotes/notes/ingress.yaml index f1d929536..d69ce41d5 100644 --- a/releasenotes/notes/ingress.yaml +++ b/releasenotes/notes/ingress.yaml @@ -12,4 +12,5 @@ ingress: - 0.2.6 Add option to assign VIP as externalIP - 0.2.7 Enable taint toleration for Openstack services jobs - 0.2.8 Uplift ingress to 1.1.3 + - 0.2.9 Added OCI registry authentication ... diff --git a/releasenotes/notes/kibana.yaml b/releasenotes/notes/kibana.yaml index ef95566bf..3ce9dc443 100644 --- a/releasenotes/notes/kibana.yaml +++ b/releasenotes/notes/kibana.yaml @@ -11,4 +11,5 @@ kibana: - 0.1.8 Update htk requirements - 0.1.9 Revert removing Kibana indices before pod start up - 0.1.10 Update image defaults + - 0.1.11 Added OCI registry authentication ... diff --git a/releasenotes/notes/kube-dns.yaml b/releasenotes/notes/kube-dns.yaml index 388471dc0..6fb5bba1c 100644 
--- a/releasenotes/notes/kube-dns.yaml +++ b/releasenotes/notes/kube-dns.yaml @@ -5,4 +5,5 @@ kube-dns: - 0.1.2 Update to container image repo k8s.gcr.io - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/kubernetes-keystone-webhook.yaml b/releasenotes/notes/kubernetes-keystone-webhook.yaml index 44bcabad3..84be358b0 100644 --- a/releasenotes/notes/kubernetes-keystone-webhook.yaml +++ b/releasenotes/notes/kubernetes-keystone-webhook.yaml @@ -7,4 +7,5 @@ kubernetes-keystone-webhook: - 0.1.4 Use full image ref for docker official images - 0.1.5 Update htk requirements - 0.1.6 Update default image value to Wallaby + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/kubernetes-node-problem-detector.yaml b/releasenotes/notes/kubernetes-node-problem-detector.yaml index 82dcac7c6..fe193ad84 100644 --- a/releasenotes/notes/kubernetes-node-problem-detector.yaml +++ b/releasenotes/notes/kubernetes-node-problem-detector.yaml @@ -7,4 +7,5 @@ kubernetes-node-problem-detector: - 0.1.4 Update the systemd-monitor lookback duration - 0.1.5 Use full image ref for docker official images - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/ldap.yaml b/releasenotes/notes/ldap.yaml index b56d8302a..27709bd25 100644 --- a/releasenotes/notes/ldap.yaml +++ b/releasenotes/notes/ldap.yaml @@ -4,4 +4,5 @@ ldap: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/libvirt.yaml b/releasenotes/notes/libvirt.yaml index cba980311..6e11b5285 100644 --- a/releasenotes/notes/libvirt.yaml +++ b/releasenotes/notes/libvirt.yaml 
@@ -13,4 +13,5 @@ libvirt:
 - 0.1.10 Enable taint toleration for Openstack services jobs
 - 0.1.11 Remove unused overrides and update default image
 - 0.1.12 Add libvirt exporter as a sidecar
+ - 0.1.13 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/mariadb.yaml b/releasenotes/notes/mariadb.yaml
index bece0b48f..b89d29ad5 100644
--- a/releasenotes/notes/mariadb.yaml
+++ b/releasenotes/notes/mariadb.yaml
@@ -41,4 +41,5 @@ mariadb:
 - 0.2.23 Fix backup script by ignoring sys database for MariaDB 10.6 compartibility
 - 0.2.24 Uplift Mariadb-ingress to 1.2.0
 - 0.2.25 Add liveness probe to restart a pod that got stuck in a transfer wsrep_local_state_comment
+ - 0.2.26 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/memcached.yaml b/releasenotes/notes/memcached.yaml
index 1b680f798..01f426978 100644
--- a/releasenotes/notes/memcached.yaml
+++ b/releasenotes/notes/memcached.yaml
@@ -12,4 +12,5 @@ memcached:
 - 0.1.9 Revert naming for subchart compatibility
 - 0.1.10 Updated naming for subchart compatibility
 - 0.1.11 Remove gnocchi netpol override
+ - 0.1.12 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/metacontroller.yaml b/releasenotes/notes/metacontroller.yaml
index ad153fdfd..29f560379 100644
--- a/releasenotes/notes/metacontroller.yaml
+++ b/releasenotes/notes/metacontroller.yaml
@@ -6,4 +6,5 @@ metacontroller:
 - 0.1.3 Use full image ref for docker official images
 - 0.1.4 Update htk requirements
 - 0.1.5 Fix field validation error
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/mongodb.yaml b/releasenotes/notes/mongodb.yaml
index 45fb4122b..30f2bb1fa 100644
--- a/releasenotes/notes/mongodb.yaml
+++ b/releasenotes/notes/mongodb.yaml
@@ -4,4 +4,5 @@ mongodb:
 - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
 - 0.1.2 Use full image ref for docker official images
 - 0.1.3 Update htk requirements
+ - 0.1.4 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/nagios.yaml b/releasenotes/notes/nagios.yaml
index 8984e836a..965d487f8 100644
--- a/releasenotes/notes/nagios.yaml
+++ b/releasenotes/notes/nagios.yaml
@@ -6,4 +6,5 @@ nagios:
 - 0.1.3 Mount internal TLS CA certificate
 - 0.1.4 Update htk requirements
 - 0.1.5 Switch nagios image from xenial to bionic
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/nfs-provisioner.yaml b/releasenotes/notes/nfs-provisioner.yaml
index f47a9a42b..e62ee39f4 100644
--- a/releasenotes/notes/nfs-provisioner.yaml
+++ b/releasenotes/notes/nfs-provisioner.yaml
@@ -4,4 +4,5 @@ nfs-provisioner:
 - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
 - 0.1.2 Use full image ref for docker official images
 - 0.1.3 Update htk requirements
+ - 0.1.4 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/openvswitch.yaml b/releasenotes/notes/openvswitch.yaml
index 637db0ac2..31d723a78 100644
--- a/releasenotes/notes/openvswitch.yaml
+++ b/releasenotes/notes/openvswitch.yaml
@@ -8,4 +8,5 @@ openvswitch:
 - 0.1.5 Use full image ref for docker official images
 - 0.1.6 Update htk requirements
 - 0.1.7 Enable taint toleration for Openstack services jobs
+ - 0.1.8 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/postgresql.yaml b/releasenotes/notes/postgresql.yaml
index 9cc70aad4..0ea3f7898 100644
--- a/releasenotes/notes/postgresql.yaml
+++ b/releasenotes/notes/postgresql.yaml
@@ -16,4 +16,5 @@ postgresql:
 - 0.1.13 Remove set -x
 - 0.1.14 Fix invalid fields in values
 - 0.1.15 Migrated CronJob resource to batch/v1 API version
+ - 0.1.16 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/powerdns.yaml b/releasenotes/notes/powerdns.yaml
index 76aa39b1e..dba98a577 100644
--- a/releasenotes/notes/powerdns.yaml
+++ b/releasenotes/notes/powerdns.yaml
@@ -6,4 +6,5 @@ powerdns:
 - 0.1.3 Helm 3 - Fix Job labels
 - 0.1.4 Update htk requirements
 - 0.1.5 Update default image values
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-alertmanager.yaml b/releasenotes/notes/prometheus-alertmanager.yaml
index a52bf9878..dd4583aa8 100644
--- a/releasenotes/notes/prometheus-alertmanager.yaml
+++ b/releasenotes/notes/prometheus-alertmanager.yaml
@@ -9,4 +9,5 @@ prometheus-alertmanager:
 - 0.1.6 Remove Alerta from openstack-helm-infra repository
 - 0.1.7 Use full image ref for docker official images
 - 0.1.8 Update htk requirements
+ - 0.1.9 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-blackbox-exporter.yaml b/releasenotes/notes/prometheus-blackbox-exporter.yaml
index d75df8569..7b3b82658 100644
--- a/releasenotes/notes/prometheus-blackbox-exporter.yaml
+++ b/releasenotes/notes/prometheus-blackbox-exporter.yaml
@@ -5,4 +5,5 @@ prometheus-blackbox-exporter:
 - 0.1.2 Rename image key name
 - 0.1.3 Update htk requirements
 - 0.1.4 Fix indentation
+ - 0.1.5 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-kube-state-metrics.yaml b/releasenotes/notes/prometheus-kube-state-metrics.yaml
index ab6ffcd20..3c9094301 100644
--- a/releasenotes/notes/prometheus-kube-state-metrics.yaml
+++ b/releasenotes/notes/prometheus-kube-state-metrics.yaml
@@ -7,4 +7,5 @@ prometheus-kube-state-metrics:
 - 0.1.4 Use full image ref for docker official images
 - 0.1.5 Fix helm3 compatability
 - 0.1.6 Update htk requirements
+ - 0.1.7 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-node-exporter.yaml b/releasenotes/notes/prometheus-node-exporter.yaml
index 3afa2fc04..fe3335129 100644
--- a/releasenotes/notes/prometheus-node-exporter.yaml
+++ b/releasenotes/notes/prometheus-node-exporter.yaml
@@ -5,4 +5,5 @@ prometheus-node-exporter:
 - 0.1.2 Add possibility to use overrides for some charts
 - 0.1.3 Use full image ref for docker official images
 - 0.1.4 Update htk requirements
+ - 0.1.5 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-openstack-exporter.yaml b/releasenotes/notes/prometheus-openstack-exporter.yaml
index da3051883..061a8ecda 100644
--- a/releasenotes/notes/prometheus-openstack-exporter.yaml
+++ b/releasenotes/notes/prometheus-openstack-exporter.yaml
@@ -7,4 +7,5 @@ prometheus-openstack-exporter:
 - 0.1.4 Use full image ref for docker official images
 - 0.1.5 Helm 3 - Fix Job labels
 - 0.1.6 Update htk requirements
+ - 0.1.7 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-process-exporter.yaml b/releasenotes/notes/prometheus-process-exporter.yaml
index a173a56a8..665955cd9 100644
--- a/releasenotes/notes/prometheus-process-exporter.yaml
+++ b/releasenotes/notes/prometheus-process-exporter.yaml
@@ -5,4 +5,5 @@ prometheus-process-exporter:
 - 0.1.2 Fix values_overrides directory naming
 - 0.1.3 Use full image ref for docker official images
 - 0.1.4 Update htk requirements
+ - 0.1.5 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus.yaml b/releasenotes/notes/prometheus.yaml
index f6c23da3e..0e38e442d 100644
--- a/releasenotes/notes/prometheus.yaml
+++ b/releasenotes/notes/prometheus.yaml
@@ -13,4 +13,5 @@ prometheus:
 - 0.1.10 Use full image ref for docker official images
 - 0.1.11 Update htk requirements
 - 0.1.12 Update default image value to Wallaby
+ - 0.1.13 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/rabbitmq.yaml b/releasenotes/notes/rabbitmq.yaml
index ca1394923..4b77eff27 100644
--- a/releasenotes/notes/rabbitmq.yaml
+++ b/releasenotes/notes/rabbitmq.yaml
@@ -23,4 +23,5 @@ rabbitmq:
 - 0.1.21 Updated naming for subchart compatibility
 - 0.1.22 Remove guest admin account
 - 0.1.23 Fixed guest account removal
+ - 0.1.24 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/redis.yaml b/releasenotes/notes/redis.yaml
index 282de9215..d7dfc3219 100644
--- a/releasenotes/notes/redis.yaml
+++ b/releasenotes/notes/redis.yaml
@@ -4,4 +4,5 @@ redis:
 - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
 - 0.1.2 Use full image ref for docker official images
 - 0.1.3 Update htk requirements
+ - 0.1.4 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/registry.yaml b/releasenotes/notes/registry.yaml
index 1ababbda3..a8dd8faeb 100644
--- a/releasenotes/notes/registry.yaml
+++ b/releasenotes/notes/registry.yaml
@@ -6,4 +6,5 @@ registry:
 - 0.1.3 Use full image ref for docker official images
 - 0.1.4 Helm 3 - Fix Job labels
 - 0.1.5 Update htk requirements
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/shaker.yaml b/releasenotes/notes/shaker.yaml
index ea9a402e6..e5f949f4b 100644
--- a/releasenotes/notes/shaker.yaml
+++ b/releasenotes/notes/shaker.yaml
@@ -6,4 +6,5 @@ shaker:
 - 0.1.3 Fix helm3 linting issue
 - 0.1.4 Update htk requirements
 - 0.1.5 Update default image value
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/shaker/Chart.yaml b/shaker/Chart.yaml
index 8722c8df9..0a46988b1 100644
--- a/shaker/Chart.yaml
+++ b/shaker/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Shaker
 name: shaker
-version: 0.1.5
+version: 0.1.6
 home: https://pyshaker.readthedocs.io/en/latest/index.html
 icon: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTlnnEExfz6H9bBFFDxsDm5mVTdKWOt6Hw2_3aJ7hVkNdDdTCrimQ
 sources:
diff --git a/shaker/templates/secret-registry.yaml b/shaker/templates/secret-registry.yaml
new file mode 100644
index 000000000..da979b322
--- /dev/null
+++ b/shaker/templates/secret-registry.yaml
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/shaker/values.yaml b/shaker/values.yaml index cdd38a43f..4c656108f 100644 --- a/shaker/values.yaml +++ b/shaker/values.yaml @@ -172,6 +172,8 @@ secrets: identity: admin: shaker-keystone-admin shaker: shaker-keystone-user + oci_image_registry: + shaker: shaker-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local @@ -187,6 +189,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + shaker: + username: shaker + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -248,4 +265,5 @@ manifests: pod_shaker_test: true service_shaker: true secret_keystone: true + secret_registry: true ...
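Review bot: The new shaker/templates/secret-registry.yaml carries only the licence header and never says which switches control it. The guard `{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}` renders the pull secret only when both values are true, and with the defaults this commit adds to shaker/values.yaml (`secret_registry: true`, `auth.enabled: false`) nothing is rendered. I would add a line to the header comment such as `Rendered only when manifests.secret_registry and endpoints.oci_image_registry.auth.enabled are both true.` `registryUser` is set to `.Chart.Name`, so the `shaker` keys under `secrets.oci_image_registry` and `endpoints.oci_image_registry.auth` presumably have to match the chart name; the helm-toolkit helper that consumes them is not in this hunk, so that should be confirmed there.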
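Review bot: The defaults added under `endpoints.oci_image_registry.auth.shaker` in the `@@ -187,6 +189,21 @@` hunk of shaker/values.yaml ship `username: shaker` and `password: password` with nothing marking them as placeholders. They are inert while `enabled: false`, but an operator who only flips `enabled` would, going by the commit description, get a pull secret built from these values, so the block should carry a comment such as `# placeholder credentials: override per deployment, never commit real registry credentials to this file`. Values supplied to Helm are also kept in the release record in the cluster, so read access to release Secrets in the namespace deserves the same restriction as access to the rendered pull secret. A render-time check that rejects the placeholder password when auth is enabled would belong in the helm-toolkit helper, which is outside this hunk.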