support image registries with authentication

Based on spec in openstack-helm repo, support-OCI-image-registry-with-authentication-turned-on.rst Each Helm chart can configure an OCI image registry and credentials to use. A Kubernetes secret is then created with these info. Service Accounts then specify an imagePullSecret specifying the Secret with creds for the registry. Then any pod using one of these ServiceAccounts may pull images from an authenticated container registry. Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
2022-06-29 10:48:52 -04:00
parent 381d066f01
commit f31cfb2ef9
189 changed files with 1856 additions and 47 deletions
--- a/powerdns/Chart.yaml
+++ b/powerdns/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v4.1.10
 description: OpenStack-Helm PowerDNS
 name: powerdns
-version: 0.1.5
+version: 0.1.6
 home: https://www.powerdns.com/
 maintainers:
  - name: OpenStack-Helm Authors
--- a/powerdns/templates/secret-registry.yaml
+++ b/powerdns/templates/secret-registry.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}
--- a/powerdns/values.yaml
+++ b/powerdns/values.yaml
@@ -135,6 +135,21 @@ endpoints:
    port:
      registry:
        node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      powerdns:
+        username: powerdns
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
  powerdns:
    auth:
      service:
@@ -170,6 +185,8 @@ endpoints:
        default: 3306

 secrets:
+  oci_image_registry:
+    powerdns: powerdns-oci-image-registry-key
  oslo_db:
    admin: powerdns-db-admin
    powerdns: powerdns-db-user
@@ -199,6 +216,7 @@ manifests:
  job_db_init: true
  job_db_sync: true
  secret_db: true
+  secret_registry: true
  service_dns: true
  service_api: false
 ...