From f31cfb2ef937ce08eae9d957158900d6bb5cdea8 Mon Sep 17 00:00:00 2001 
From: Brian Haley Date: Wed, 29 Jun 2022 10:48:52 -0400 Subject: [PATCH] support image registries with authentication Based on spec in openstack-helm repo, support-OCI-image-registry-with-authentication-turned-on.rst Each Helm chart can configure an OCI image registry and credentials to use. A Kubernetes secret is then created with these info. Service Accounts then specify an imagePullSecret specifying the Secret with creds for the registry. Then any pod using one of these ServiceAccounts may pull images from an authenticated container registry. Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269 --- calico/Chart.yaml | 2 +- calico/templates/secret-registry.yaml | 17 ++++ calico/values.yaml | 20 ++++ ceph-client/Chart.yaml | 2 +- ceph-client/templates/secret-registry.yaml | 17 ++++ ceph-client/values.yaml | 18 ++++ ceph-mon/Chart.yaml | 2 +- ceph-mon/templates/secret-registry.yaml | 17 ++++ ceph-mon/values.yaml | 18 ++++ ceph-osd/Chart.yaml | 2 +- ceph-osd/templates/secret-registry.yaml | 17 ++++ ceph-osd/values.yaml | 18 ++++ ceph-provisioners/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ ceph-provisioners/values.yaml | 18 ++++ ceph-rgw/Chart.yaml | 2 +- ceph-rgw/templates/secret-registry.yaml | 17 ++++ ceph-rgw/values.yaml | 18 ++++ cert-rotation/Chart.yaml | 2 +- cert-rotation/templates/secret-registry.yaml | 17 ++++ cert-rotation/values.yaml | 21 +++++ daemonjob-controller/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ daemonjob-controller/values.yaml | 19 ++++ elastic-apm-server/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ elastic-apm-server/values.yaml | 18 ++++ elastic-filebeat/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ elastic-filebeat/values.yaml | 18 ++++ elastic-metricbeat/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ elastic-metricbeat/values.yaml | 18 ++++ elastic-packetbeat/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ 
elastic-packetbeat/values.yaml | 18 ++++ elasticsearch/Chart.yaml | 2 +- elasticsearch/templates/secret-registry.yaml | 17 ++++ elasticsearch/values.yaml | 18 ++++ etcd/Chart.yaml | 2 +- etcd/templates/secret-registry.yaml | 17 ++++ etcd/values.yaml | 20 ++++ falco/Chart.yaml | 2 +- falco/templates/secret-registry.yaml | 17 ++++ falco/values.yaml | 22 +++++ flannel/Chart.yaml | 2 +- flannel/templates/secret-registry.yaml | 17 ++++ flannel/values.yaml | 20 ++++ fluentbit/Chart.yaml | 2 +- fluentbit/templates/secret-registry.yaml | 17 ++++ fluentbit/values.yaml | 20 ++++ fluentd/Chart.yaml | 2 +- fluentd/templates/secret-registry.yaml | 17 ++++ fluentd/values.yaml | 21 +++++ grafana/Chart.yaml | 2 +- grafana/templates/secret-registry.yaml | 17 ++++ grafana/values.yaml | 18 ++++ helm-toolkit/Chart.yaml | 2 +- .../manifests/_secret-registry.yaml.tpl | 93 +++++++++++++++++++ .../_kubernetes_pod_rbac_serviceaccount.tpl | 6 ++ ingress/Chart.yaml | 2 +- ingress/templates/secret-registry.yaml | 17 ++++ ingress/values.yaml | 18 ++++ kibana/Chart.yaml | 2 +- kibana/templates/secret-registry.yaml | 17 ++++ kibana/values.yaml | 18 ++++ kube-dns/Chart.yaml | 2 +- kube-dns/templates/secret-registry.yaml | 17 ++++ .../templates/serviceaccount-kube-dns.yaml | 6 ++ kube-dns/values.yaml | 20 ++++ kubernetes-keystone-webhook/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ kubernetes-keystone-webhook/values.yaml | 18 ++++ kubernetes-node-problem-detector/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ kubernetes-node-problem-detector/values.yaml | 20 ++++ ldap/Chart.yaml | 2 +- ldap/templates/secret-registry.yaml | 17 ++++ ldap/values.yaml | 18 ++++ libvirt/Chart.yaml | 2 +- libvirt/templates/secret-registry.yaml | 17 ++++ libvirt/values.yaml | 18 ++++ mariadb/Chart.yaml | 2 +- mariadb/templates/secret-registry.yaml | 17 ++++ mariadb/values.yaml | 18 ++++ memcached/Chart.yaml | 2 +- memcached/templates/secret-registry.yaml | 17 ++++ memcached/values.yaml | 
20 ++++ metacontroller/Chart.yaml | 2 +- metacontroller/templates/secret-registry.yaml | 17 ++++ metacontroller/values.yaml | 20 ++++ mongodb/Chart.yaml | 2 +- mongodb/templates/secret-registry.yaml | 17 ++++ mongodb/values.yaml | 20 ++++ nagios/Chart.yaml | 2 +- nagios/templates/secret-registry.yaml | 17 ++++ nagios/values.yaml | 18 ++++ nfs-provisioner/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ nfs-provisioner/values.yaml | 20 ++++ openvswitch/Chart.yaml | 2 +- openvswitch/templates/secret-registry.yaml | 17 ++++ openvswitch/values.yaml | 20 ++++ postgresql/Chart.yaml | 2 +- postgresql/templates/secret-registry.yaml | 17 ++++ postgresql/values.yaml | 18 ++++ powerdns/Chart.yaml | 2 +- powerdns/templates/secret-registry.yaml | 17 ++++ powerdns/values.yaml | 18 ++++ prometheus-alertmanager/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-alertmanager/values.yaml | 18 ++++ prometheus-blackbox-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-blackbox-exporter/values.yaml | 22 +++++ prometheus-kube-state-metrics/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-kube-state-metrics/values.yaml | 20 ++++ prometheus-node-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-node-exporter/values.yaml | 20 ++++ prometheus-openstack-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-openstack-exporter/values.yaml | 18 ++++ prometheus-process-exporter/Chart.yaml | 2 +- .../templates/secret-registry.yaml | 17 ++++ prometheus-process-exporter/values.yaml | 20 ++++ prometheus/Chart.yaml | 2 +- prometheus/templates/secret-registry.yaml | 17 ++++ prometheus/values.yaml | 18 ++++ rabbitmq/Chart.yaml | 2 +- rabbitmq/templates/secret-registry.yaml | 17 ++++ rabbitmq/values.yaml | 18 ++++ redis/Chart.yaml | 2 +- redis/templates/secret-registry.yaml | 17 ++++ redis/values.yaml | 20 ++++ registry/Chart.yaml | 2 +- 
registry/templates/secret-registry.yaml | 17 ++++ registry/values.yaml | 20 ++++ releasenotes/notes/calico.yaml | 1 + releasenotes/notes/ceph-client.yaml | 1 + releasenotes/notes/ceph-mon.yaml | 1 + releasenotes/notes/ceph-osd.yaml | 1 + releasenotes/notes/ceph-provisioners.yaml | 1 + releasenotes/notes/ceph-rgw.yaml | 1 + releasenotes/notes/cert-rotation.yaml | 1 + releasenotes/notes/daemonjob-controller.yaml | 1 + releasenotes/notes/elastic-apm-server.yaml | 1 + releasenotes/notes/elastic-filebeat.yaml | 1 + releasenotes/notes/elastic-metricbeat.yaml | 1 + releasenotes/notes/elastic-packetbeat.yaml | 1 + releasenotes/notes/elasticsearch.yaml | 1 + releasenotes/notes/etcd.yaml | 1 + releasenotes/notes/falco.yaml | 1 + releasenotes/notes/flannel.yaml | 1 + releasenotes/notes/fluentbit.yaml | 1 + releasenotes/notes/fluentd.yaml | 1 + releasenotes/notes/grafana.yaml | 1 + releasenotes/notes/helm-toolkit.yaml | 1 + releasenotes/notes/ingress.yaml | 1 + releasenotes/notes/kibana.yaml | 1 + releasenotes/notes/kube-dns.yaml | 1 + .../notes/kubernetes-keystone-webhook.yaml | 1 + .../kubernetes-node-problem-detector.yaml | 1 + releasenotes/notes/ldap.yaml | 1 + releasenotes/notes/libvirt.yaml | 1 + releasenotes/notes/mariadb.yaml | 1 + releasenotes/notes/memcached.yaml | 1 + releasenotes/notes/metacontroller.yaml | 1 + releasenotes/notes/mongodb.yaml | 1 + releasenotes/notes/nagios.yaml | 1 + releasenotes/notes/nfs-provisioner.yaml | 1 + releasenotes/notes/openvswitch.yaml | 1 + releasenotes/notes/postgresql.yaml | 1 + releasenotes/notes/powerdns.yaml | 1 + .../notes/prometheus-alertmanager.yaml | 1 + .../notes/prometheus-blackbox-exporter.yaml | 1 + .../notes/prometheus-kube-state-metrics.yaml | 1 + .../notes/prometheus-node-exporter.yaml | 1 + .../notes/prometheus-openstack-exporter.yaml | 1 + .../notes/prometheus-process-exporter.yaml | 1 + releasenotes/notes/prometheus.yaml | 1 + releasenotes/notes/rabbitmq.yaml | 1 + releasenotes/notes/redis.yaml | 1 + 
releasenotes/notes/registry.yaml | 1 + releasenotes/notes/shaker.yaml | 1 + shaker/Chart.yaml | 2 +- shaker/templates/secret-registry.yaml | 17 ++++ shaker/values.yaml | 18 ++++ 189 files changed, 1856 insertions(+), 47 deletions(-) create mode 100644 calico/templates/secret-registry.yaml create mode 100644 ceph-client/templates/secret-registry.yaml create mode 100644 ceph-mon/templates/secret-registry.yaml create mode 100644 ceph-osd/templates/secret-registry.yaml create mode 100644 ceph-provisioners/templates/secret-registry.yaml create mode 100644 ceph-rgw/templates/secret-registry.yaml create mode 100644 cert-rotation/templates/secret-registry.yaml create mode 100644 daemonjob-controller/templates/secret-registry.yaml create mode 100644 elastic-apm-server/templates/secret-registry.yaml create mode 100644 elastic-filebeat/templates/secret-registry.yaml create mode 100644 elastic-metricbeat/templates/secret-registry.yaml create mode 100644 elastic-packetbeat/templates/secret-registry.yaml create mode 100644 elasticsearch/templates/secret-registry.yaml create mode 100644 etcd/templates/secret-registry.yaml create mode 100644 falco/templates/secret-registry.yaml create mode 100644 flannel/templates/secret-registry.yaml create mode 100644 fluentbit/templates/secret-registry.yaml create mode 100644 fluentd/templates/secret-registry.yaml create mode 100644 grafana/templates/secret-registry.yaml create mode 100644 helm-toolkit/templates/manifests/_secret-registry.yaml.tpl create mode 100644 ingress/templates/secret-registry.yaml create mode 100644 kibana/templates/secret-registry.yaml create mode 100644 kube-dns/templates/secret-registry.yaml create mode 100644 kubernetes-keystone-webhook/templates/secret-registry.yaml create mode 100644 kubernetes-node-problem-detector/templates/secret-registry.yaml create mode 100644 ldap/templates/secret-registry.yaml create mode 100644 libvirt/templates/secret-registry.yaml create mode 100644 mariadb/templates/secret-registry.yaml 
create mode 100644 memcached/templates/secret-registry.yaml create mode 100644 metacontroller/templates/secret-registry.yaml create mode 100644 mongodb/templates/secret-registry.yaml create mode 100644 nagios/templates/secret-registry.yaml create mode 100644 nfs-provisioner/templates/secret-registry.yaml create mode 100644 openvswitch/templates/secret-registry.yaml create mode 100644 postgresql/templates/secret-registry.yaml create mode 100644 powerdns/templates/secret-registry.yaml create mode 100644 prometheus-alertmanager/templates/secret-registry.yaml create mode 100644 prometheus-blackbox-exporter/templates/secret-registry.yaml create mode 100644 prometheus-kube-state-metrics/templates/secret-registry.yaml create mode 100644 prometheus-node-exporter/templates/secret-registry.yaml create mode 100644 prometheus-openstack-exporter/templates/secret-registry.yaml create mode 100644 prometheus-process-exporter/templates/secret-registry.yaml create mode 100644 prometheus/templates/secret-registry.yaml create mode 100644 rabbitmq/templates/secret-registry.yaml create mode 100644 redis/templates/secret-registry.yaml create mode 100644 registry/templates/secret-registry.yaml create mode 100644 shaker/templates/secret-registry.yaml diff --git a/calico/Chart.yaml b/calico/Chart.yaml index 247fbd189e..d46808e0ed 100644 --- a/calico/Chart.yaml +++ b/calico/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.0 description: OpenStack-Helm Calico name: calico -version: 0.1.4 +version: 0.1.5 home: https://github.com/projectcalico/calico icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67 sources: diff --git a/calico/templates/secret-registry.yaml b/calico/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/calico/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/calico/values.yaml b/calico/values.yaml index c8424e82e7..845cf5a246 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -166,6 +166,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + calico: calico-oci-image-registry + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -180,6 +184,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + calico: + username: calico + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null etcd: auth: client: @@ -572,4 +591,5 @@ manifests: job_calico_settings: true service_calico_etcd: true secret_certificates: true + secret_registry: true ... diff --git a/ceph-client/Chart.yaml b/ceph-client/Chart.yaml index a26082f35b..5ebc0847c5 100644 --- a/ceph-client/Chart.yaml +++ b/ceph-client/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Client name: ceph-client -version: 0.1.36 +version: 0.1.37 home: https://github.com/ceph/ceph-client ... 
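Review bot: The guard and `include` at the end of calico/templates/secret-registry.yaml have no comment stating the contract behind `"registryUser" .Chart.Name`, and the helper they call, `helm-toolkit.manifests.secret_registry`, is not visible in this hunk. Judging from the values added in the same commit, the chart name has to match the key under both `secrets.oci_image_registry` and `endpoints.oci_image_registry.auth`, so a renamed or aliased chart would presumably fail to find its credentials. I would add a template comment above the `if`, for example `{{/* registryUser must match the key under secrets.oci_image_registry and endpoints.oci_image_registry.auth */}}`. The same file (blob da979b3223) is added to every other chart in this patch, so the comment applies there as well.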
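Review bot: The Secret name added under `secrets.oci_image_registry` in calico/values.yaml, `calico-oci-image-registry`, does not follow the `<chart>-oci-image-registry-key` pattern that most other charts in this patch use (ceph-mon, ceph-provisioners, ceph-rgw, cert-rotation, daemonjob-controller, elastic-filebeat, elastic-metricbeat). ceph-client and elastic-apm-server use the same suffix-less form. A single convention makes these pull secrets easier to find when auditing or rotating registry credentials. I would change the line to `calico: calico-oci-image-registry-key` and align the other two charts the same way.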
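Review bot: The new `endpoints.oci_image_registry.auth.calico` block in calico/values.yaml ships `password: password` as a default, and because `manifests.secret_registry` defaults to `true`, the only remaining switch is `auth.enabled`. An operator who sets `enabled: true` without overriding the credentials gets a pull Secret built from the placeholder, and one who edits the password in place puts a registry credential into a values file that tends to be committed. I would add a comment above the credentials, `# Placeholder only: override username/password at deploy time and keep real values out of version control`, and consider an empty default so that a missing override is noticed early. The same default appears in the values.yaml hunks of every other chart in this patch. The `endpoints:` mapping starts outside this hunk.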
diff --git a/ceph-client/templates/secret-registry.yaml b/ceph-client/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ceph-client/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-client/values.yaml b/ceph-client/values.yaml index 4ad5cf71a0..cc81f03dea 100644 --- a/ceph-client/values.yaml +++ b/ceph-client/values.yaml @@ -188,6 +188,8 @@ secrets: rgw: ceph-bootstrap-rgw-keyring mgr: ceph-bootstrap-mgr-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-client: ceph-client-oci-image-registry network: public: 192.168.0.0/16 @@ -517,6 +519,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-client: + username: ceph-client + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -564,4 +581,5 @@ manifests: helm_tests: true cronjob_checkPGs: true cronjob_defragosds: true + secret_registry: true ... diff --git a/ceph-mon/Chart.yaml b/ceph-mon/Chart.yaml index a5db488c76..7d6b9c7ac6 100644 --- a/ceph-mon/Chart.yaml 
+++ b/ceph-mon/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Mon name: ceph-mon -version: 0.1.25 +version: 0.1.26 home: https://github.com/ceph/ceph ... diff --git a/ceph-mon/templates/secret-registry.yaml b/ceph-mon/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ceph-mon/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-mon/values.yaml b/ceph-mon/values.yaml index 25543887c1..412d4da25a 100644 --- a/ceph-mon/values.yaml +++ b/ceph-mon/values.yaml @@ -215,6 +215,8 @@ secrets: osd: ceph-bootstrap-osd-keyring mgr: ceph-bootstrap-mgr-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-mon: ceph-mon-oci-image-registry-key network: public: 192.168.0.0/16 @@ -424,6 +426,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-mon: + username: ceph-mon + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: 
@@ -473,4 +490,5 @@ manifests: service_mgr: true service_mon_discovery: true job_storage_admin_keys: true + secret_registry: true ... diff --git a/ceph-osd/Chart.yaml b/ceph-osd/Chart.yaml index f5bd86bb49..67c969792a 100644 --- a/ceph-osd/Chart.yaml +++ b/ceph-osd/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph OSD name: ceph-osd -version: 0.1.41 +version: 0.1.42 home: https://github.com/ceph/ceph ... diff --git a/ceph-osd/templates/secret-registry.yaml b/ceph-osd/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ceph-osd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-osd/values.yaml b/ceph-osd/values.yaml index ad87e2a15e..78b63b4c07 100644 --- a/ceph-osd/values.yaml +++ b/ceph-osd/values.yaml @@ -142,6 +142,8 @@ secrets: keyrings: osd: ceph-bootstrap-osd-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-osd: ceph-osh-oci-image-registry-key network: public: 192.168.0.0/16 
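Review bot: The Secret name in the new `secrets.oci_image_registry` entry of ceph-osd/values.yaml is misspelled as `ceph-osh-oci-image-registry-key`. The other charts in the patch derive this name from the chart name, so the line should read `ceph-osd: ceph-osd-oci-image-registry-key`. Rendering presumably still works as long as the Secret and the ServiceAccount's imagePullSecrets both read this same value. The typo still makes the credential harder to locate when auditing or rotating registry secrets, and it would be awkward to rename after release. The `secrets:` mapping begins outside the hunk.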
@@ -373,6 +375,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-osd: + username: ceph-osd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -395,4 +412,5 @@ manifests: job_post_apply: true job_image_repo_sync: true helm_tests: true + secret_registry: true ... diff --git a/ceph-provisioners/Chart.yaml b/ceph-provisioners/Chart.yaml index 636391489b..0f841592f8 100644 --- a/ceph-provisioners/Chart.yaml +++ b/ceph-provisioners/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Provisioner name: ceph-provisioners -version: 0.1.20 +version: 0.1.21 home: https://github.com/ceph/ceph ... diff --git a/ceph-provisioners/templates/secret-registry.yaml b/ceph-provisioners/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ceph-provisioners/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-provisioners/values.yaml b/ceph-provisioners/values.yaml index ae61ee6cdc..39cf3e4402 100644 
--- a/ceph-provisioners/values.yaml +++ b/ceph-provisioners/values.yaml @@ -277,6 +277,8 @@ secrets: keyrings: admin: ceph-client-admin-keyring prov_adminSecretName: pvc-ceph-conf-combined-storageclass + oci_image_registry: + ceph-provisioners: ceph-provisioners-oci-image-registry-key network: public: 192.168.0.0/16 @@ -431,6 +433,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-provisioners: + username: ceph-provisioners + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -462,4 +479,5 @@ manifests: job_namespace_client_ceph_config: true storageclass: true helm_tests: true + secret_registry: true ... diff --git a/ceph-rgw/Chart.yaml b/ceph-rgw/Chart.yaml index eb5b30f678..9d795b6685 100644 --- a/ceph-rgw/Chart.yaml +++ b/ceph-rgw/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph RadosGW name: ceph-rgw -version: 0.1.22 +version: 0.1.23 home: https://github.com/ceph/ceph ... diff --git a/ceph-rgw/templates/secret-registry.yaml b/ceph-rgw/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ceph-rgw/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml index 6d0e17e57f..982131401d 100644 --- a/ceph-rgw/values.yaml +++ b/ceph-rgw/values.yaml @@ -259,6 +259,8 @@ secrets: admin: ceph-keystone-admin swift: ceph-keystone-user user_rgw: ceph-keystone-user-rgw + oci_image_registry: + ceph-rgw: ceph-rgw-oci-image-registry-key rgw_s3: admin: radosgw-s3-admin-creds tls: @@ -548,6 +550,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-rgw: + username: ceph-rgw + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone namespace: null @@ -682,6 +699,7 @@ manifests: secret_keystone_rgw: true secret_ingress_tls: true secret_keystone: true + secret_registry: true service_ingress_rgw: true service_rgw: true helm_tests: true diff --git a/cert-rotation/Chart.yaml b/cert-rotation/Chart.yaml index 6a5bae7fbc..3925bbb9ab 100644 --- a/cert-rotation/Chart.yaml +++ b/cert-rotation/Chart.yaml 
@@ -16,5 +16,5 @@ appVersion: "1.0" description: Rotate the certificates generated by cert-manager home: https://cert-manager.io/ name: cert-rotation -version: 0.1.5 +version: 0.1.6 ... diff --git a/cert-rotation/templates/secret-registry.yaml b/cert-rotation/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/cert-rotation/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/cert-rotation/values.yaml b/cert-rotation/values.yaml index dc9a592086..6b3d2b82fb 100644 --- a/cert-rotation/values.yaml +++ b/cert-rotation/values.yaml @@ -54,8 +54,29 @@ pod: dependencies: static: cert_rotate: null +secrets: + oci_image_registry: + cert-rotation: cert-rotation-oci-image-registry-key +endpoints: + cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + cert-rotation: + username: cert-rotation + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true cron_job_cert_rotate: false job_cert_rotate: false + secret_registry: true ... 
diff --git a/daemonjob-controller/Chart.yaml b/daemonjob-controller/Chart.yaml index d3d2b4f128..c00f48566e 100644 --- a/daemonjob-controller/Chart.yaml +++ b/daemonjob-controller/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: A Helm chart for DaemonjobController name: daemonjob-controller -version: 0.1.5 +version: 0.1.6 home: https://opendev.org/openstack ... diff --git a/daemonjob-controller/templates/secret-registry.yaml b/daemonjob-controller/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/daemonjob-controller/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/daemonjob-controller/values.yaml b/daemonjob-controller/values.yaml index 676bb23f29..c32b1a54e1 100644 --- a/daemonjob-controller/values.yaml +++ b/daemonjob-controller/values.yaml @@ -67,6 +67,9 @@ pod: controller: runAsUser: 0 readOnlyRootFilesystem: true +secrets: + oci_image_registry: + daemonjob-controller: daemonjob-controller-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -81,6 +84,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + daemonjob-controller: + username: daemonjob-controller + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null daemonjob_controller: hosts: default: daemonjob-controller @@ -112,5 +130,6 @@ manifests: crds_create: true job_image_repo_sync: true configmap_bin: true + secret_registry: true service: true ... diff --git a/elastic-apm-server/Chart.yaml b/elastic-apm-server/Chart.yaml index ea5ef5f1e2..6ceffb9c62 100644 --- a/elastic-apm-server/Chart.yaml +++ b/elastic-apm-server/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v6.2.3 description: OpenStack-Helm Elastic APM Server name: elastic-apm-server -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/guide/en/apm/get-started/current/index.html sources: - https://github.com/elastic/apm-server diff --git a/elastic-apm-server/templates/secret-registry.yaml b/elastic-apm-server/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/elastic-apm-server/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-apm-server/values.yaml b/elastic-apm-server/values.yaml index 5b6781a44b..afb87b4ccf 100644 --- a/elastic-apm-server/values.yaml +++ b/elastic-apm-server/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: elastic-apm-server-elasticsearch-user + oci_image_registry: + elastic-apm-server: elastic-apm-server-oci-image-registry dependencies: dynamic: @@ -84,6 +86,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-apm-server: + username: elastic-apm-server + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -163,4 +180,5 @@ manifests: service: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-filebeat/Chart.yaml b/elastic-filebeat/Chart.yaml index c020d289d9..9a67055303 100644 --- a/elastic-filebeat/Chart.yaml +++ b/elastic-filebeat/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Filebeat name: elastic-filebeat -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/products/beats/filebeat sources: - https://github.com/elastic/beats/tree/master/filebeat diff --git a/elastic-filebeat/templates/secret-registry.yaml b/elastic-filebeat/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/elastic-filebeat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-filebeat/values.yaml b/elastic-filebeat/values.yaml index 91991ec94a..79b40ccffa 100644 --- a/elastic-filebeat/values.yaml +++ b/elastic-filebeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: filebeat-elasticsearch-user + oci_image_registry: + elastic-filebeat: elastic-filebeat-oci-image-registry-key dependencies: dynamic: 
@@ -167,6 +169,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-filebeat: + username: elastic-filebeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -264,4 +281,5 @@ manifests: daemonset: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-metricbeat/Chart.yaml b/elastic-metricbeat/Chart.yaml index ef8a4e2ac9..5b35a920d5 100644 --- a/elastic-metricbeat/Chart.yaml +++ b/elastic-metricbeat/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Metricbeat name: elastic-metricbeat -version: 0.1.4 +version: 0.1.5 home: https://www.elastic.co/products/beats/metricbeat sources: - https://github.com/elastic/beats/tree/master/metricbeat diff --git a/elastic-metricbeat/templates/secret-registry.yaml b/elastic-metricbeat/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/elastic-metricbeat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/elastic-metricbeat/values.yaml b/elastic-metricbeat/values.yaml index 7797e03056..8447be5cc3 100644 --- a/elastic-metricbeat/values.yaml +++ b/elastic-metricbeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: metricbeat-elasticsearch-user + oci_image_registry: + elastic-metricbeat: elastic-metricbeat-oci-image-registry-key dependencies: dynamic: @@ -163,6 +165,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-metricbeat: + username: elastic-metricbeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kube_state_metrics: namespace: null hosts: @@ -263,4 +280,5 @@ manifests: deployment: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-packetbeat/Chart.yaml b/elastic-packetbeat/Chart.yaml index 5df231ee7c..92d042646f 100644 --- a/elastic-packetbeat/Chart.yaml +++ b/elastic-packetbeat/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Packetbeat name: elastic-packetbeat -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/products/beats/packetbeat sources: - https://github.com/elastic/beats/tree/master/packetbeat diff --git a/elastic-packetbeat/templates/secret-registry.yaml b/elastic-packetbeat/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/elastic-packetbeat/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-packetbeat/values.yaml b/elastic-packetbeat/values.yaml index 5310141ee5..98e152899a 100644 --- a/elastic-packetbeat/values.yaml +++ b/elastic-packetbeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: packetbeat-elasticsearch-user + oci_image_registry: + elastic-packetbeat: elastic-packetbeat-oci-image-registry-key dependencies: dynamic: @@ -106,6 +108,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-packetbeat: + username: elastic-packetbeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -182,4 +199,5 @@ manifests: daemonset: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elasticsearch/Chart.yaml b/elasticsearch/Chart.yaml index d7f5363e9e..5296914a92 100644 --- a/elasticsearch/Chart.yaml +++ b/elasticsearch/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.6.2 description: OpenStack-Helm ElasticSearch name: elasticsearch -version: 0.2.20 +version: 0.2.21 home: https://www.elastic.co/ sources: - https://github.com/elastic/elasticsearch diff --git a/elasticsearch/templates/secret-registry.yaml b/elasticsearch/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/elasticsearch/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 92ec26cfa0..5a9c5de2ab 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -422,6 +422,8 @@ secrets: elasticsearch: elasticsearch-s3-user-creds elasticsearch: user: elasticsearch-user-secrets + oci_image_registry: + elasticsearch: elasticsearch-oci-image-registry-key tls: elasticsearch: elasticsearch: 
@@ -775,6 +777,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elasticsearch: + username: elasticsearch + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -960,6 +977,7 @@ manifests: service_exporter: true network_policy: false secret_ingress_tls: true + secret_registry: true service_data: true service_discovery: true service_ingress: true diff --git a/etcd/Chart.yaml b/etcd/Chart.yaml index 16768b9af4..b819ecaead 100644 --- a/etcd/Chart.yaml +++ b/etcd/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.3 description: OpenStack-Helm etcd name: etcd -version: 0.1.4 +version: 0.1.5 home: https://coreos.com/etcd/ icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png sources: diff --git a/etcd/templates/secret-registry.yaml b/etcd/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/etcd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/etcd/values.yaml b/etcd/values.yaml index e2cef84552..efe8d61d1f 100644 --- a/etcd/values.yaml +++ b/etcd/values.yaml @@ -92,6 +92,10 @@ pod: memory: "1024Mi" cpu: "2000m" +secrets: + oci_image_registry: + etcd: etcd-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -106,6 +110,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + etcd: + username: etcd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null etcd: name: etcd hosts: @@ -124,5 +143,6 @@ manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true ... diff --git a/falco/Chart.yaml b/falco/Chart.yaml index 0001c1a7f3..d1c37a51cd 100644 --- a/falco/Chart.yaml +++ b/falco/Chart.yaml @@ -13,7 +13,7 @@ --- apiVersion: v1 name: falco -version: 0.1.6 +version: 0.1.7 appVersion: 0.11.1 description: Sysdig Falco keywords: diff --git a/falco/templates/secret-registry.yaml b/falco/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/falco/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/falco/values.yaml b/falco/values.yaml index eac87006ad..841a622b5e 100644 --- a/falco/values.yaml +++ b/falco/values.yaml @@ -23,6 +23,27 @@ images: - dep_check - image_repo_sync +secrets: + oci_image_registry: + falco: falco-oci-image-registry-key + +endpoints: + cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + falco: + username: falco + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null pod: resources: @@ -1361,4 +1382,5 @@ manifests: configmap_etc: true configmap_custom_rules: false configmap_bin: true + secret_registry: true ... diff --git a/flannel/Chart.yaml b/flannel/Chart.yaml index 2d03c734f5..520066c6d8 100644 --- a/flannel/Chart.yaml +++ b/flannel/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.8.0 description: OpenStack-Helm BootStrap Flannel name: flannel -version: 0.1.3 +version: 0.1.4 home: https://github.com/coreos/flannel icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png sources: 
diff --git a/flannel/templates/secret-registry.yaml b/flannel/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/flannel/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/flannel/values.yaml b/flannel/values.yaml index e0fdc81070..698b2de6e8 100644 --- a/flannel/values.yaml +++ b/flannel/values.yaml @@ -63,6 +63,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + flannel: flannel-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -77,10 +81,26 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + flannel: + username: flannel + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true configmap_kube_flannel_cfg: true daemonset_kube_flannel_ds: true job_image_repo_sync: true + secret_registry: true ... diff --git a/fluentbit/Chart.yaml b/fluentbit/Chart.yaml index 91590fb34a..2bbe55b198 100644 --- a/fluentbit/Chart.yaml +++ b/fluentbit/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.14.2 description: OpenStack-Helm Fluentbit name: fluentbit -version: 0.1.3 +version: 0.1.4 home: https://www.fluentbit.io/ sources: - https://github.com/fluent/fluentbit diff --git a/fluentbit/templates/secret-registry.yaml b/fluentbit/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/fluentbit/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/fluentbit/values.yaml b/fluentbit/values.yaml index 51462b4153..c6688b3ac7 100644 --- a/fluentbit/values.yaml +++ b/fluentbit/values.yaml @@ -173,6 +173,10 @@ conf: Time_Keep true Time_Key time +secrets: + oci_image_registry: + fluentbit: fluentbit-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -187,6 +191,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + fluentbit: + username: fluentbit + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null fluentd: namespace: null name: fluentd 
@@ -254,4 +273,5 @@ manifests: configmap_etc: true daemonset_fluentbit: true job_image_repo_sync: true + secret_registry: true ... diff --git a/fluentd/Chart.yaml b/fluentd/Chart.yaml index ab174e63c4..c37facb683 100644 --- a/fluentd/Chart.yaml +++ b/fluentd/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.10.1 description: OpenStack-Helm Fluentd name: fluentd -version: 0.1.7 +version: 0.1.8 home: https://www.fluentd.org/ sources: - https://github.com/fluent/fluentd diff --git a/fluentd/templates/secret-registry.yaml b/fluentd/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/fluentd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/fluentd/values.yaml b/fluentd/values.yaml index 0e8df63ccd..93f557ad7f 100644 --- a/fluentd/values.yaml +++ b/fluentd/values.yaml @@ -99,6 +99,11 @@ conf: user "#{ENV['ELASTICSEARCH_USERNAME']}" + +secrets: + oci_image_registry: + fluentd: fluentd-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -113,6 +118,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + fluentd: + username: fluentd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -255,5 +275,6 @@ manifests: secret_elasticsearch: true secret_fluentd_env: true secret_kafka: false + secret_registry: true service_fluentd: true ... diff --git a/grafana/Chart.yaml b/grafana/Chart.yaml index c77b51ac43..d60180fca1 100644 --- a/grafana/Chart.yaml +++ b/grafana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.4.5 description: OpenStack-Helm Grafana name: grafana -version: 0.1.14 +version: 0.1.15 home: https://grafana.com/ sources: - https://github.com/grafana/grafana diff --git a/grafana/templates/secret-registry.yaml b/grafana/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/grafana/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/grafana/values.yaml b/grafana/values.yaml index 93f738f109..1093cae216 100644 --- a/grafana/values.yaml +++ b/grafana/values.yaml 
@@ -196,6 +196,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + grafana: + username: grafana + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_db: namespace: null auth: @@ -370,6 +385,8 @@ network_policy: - {} secrets: + oci_image_registry: + grafana: grafana-oci-image-registry-key oslo_db: admin: grafana-db-admin user: grafana-db-user @@ -403,6 +420,7 @@ manifests: secret_admin_creds: true secret_ingress_tls: true secret_prom_creds: true + secret_registry: true service: true service_ingress: true diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml index 3c36b200cd..17df308310 100644 --- a/helm-toolkit/Chart.yaml +++ b/helm-toolkit/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Helm-Toolkit name: helm-toolkit -version: 0.2.43 +version: 0.2.44 home: https://docs.openstack.org/openstack-helm icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png sources: diff --git a/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl new file mode 100644 index 0000000000..4854bb1ecc --- /dev/null +++ b/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl 
@@ -0,0 +1,93 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Creates a manifest for a authenticating a registry with a secret +examples: + - values: | + secrets: + oci_image_registry: + {{ $serviceName }}: {{ $keyName }} + endpoints: + oci_image_registry: + name: oci-image-registry + auth: + enabled: true + {{ $serviceName }}: + name: {{ $userName }} + password: {{ $password }} + usage: | + {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} + return: | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $secretName }} + type: kubernetes.io/dockerconfigjson + data: + dockerconfigjson: {{ $dockerAuth }} + + - values: | + secrets: + oci_image_registry: + {{ $serviceName }}: {{ $keyName }} + endpoints: + oci_image_registry: + name: oci-image-registry + auth: + enabled: true + {{ $serviceName }}: + name: {{ $userName }} + password: {{ $password }} + usage: | + {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} + return: | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $secretName }} + type: kubernetes.io/dockerconfigjson + data: + dockerconfigjson: {{ $dockerAuth }} +*/}} + +{{- define "helm-toolkit.manifests.secret_registry" }} +{{- $envAll := index . "envAll" }} +{{- $registryUser := index . 
"registryUser" }} +{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser }} +{{- $registryHost := tuple "oci_image_registry" "internal" $envAll | include "helm-toolkit.endpoints.endpoint_host_lookup" }} +{{/* +We only use "host:port" when port is non-null, else just use "host" +*/}} +{{- $registryPort := "" }} +{{- $port := $envAll.Values.endpoints.oci_image_registry.port.registry.default }} +{{- if $port }} +{{- $port = tuple "oci_image_registry" "internal" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $registryPort = printf ":%s" $port }} +{{- end }} +{{- $imageCredentials := index $envAll.Values.endpoints.oci_image_registry.auth $registryUser }} +{{- $dockerAuthToken := printf "%s:%s" $imageCredentials.username $imageCredentials.password | b64enc }} +{{- $dockerAuth := printf "{\"auths\": {\"%s%s\": {\"auth\": \"%s\"}}}" $registryHost $registryPort $dockerAuthToken | b64enc }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ $dockerAuth }} +{{- end -}} diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl index 4cc898ddd5..bc2045e5f2 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl @@ -42,6 +42,12 @@ kind: ServiceAccount metadata: name: {{ $saName }} namespace: {{ $saNamespace }} +{{- if $envAll.Values.manifests.secret_registry }} +{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }} +imagePullSecrets: + - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }} +{{- end -}} +{{- end -}} {{- range $k, $v := $deps -}} {{- if eq $k "services" }} {{- range $serv := $v }} diff --git a/ingress/Chart.yaml b/ingress/Chart.yaml index 12c519a685..19a93a4a81 100644 
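Review bot: The header comment of `helm-toolkit.manifests.secret_registry` does not match the define below it: the example values use `name: {{ $userName }}` where the template reads `$imageCredentials.username`, and the documented return shows `dockerconfigjson:` where the manifest emits `.dockerconfigjson:`. Values written from that example leave `username` unset, and as far as I can tell `printf "%s:%s"` would then encode a placeholder into the auth token instead of failing the render. I would correct the two keys in the comment, drop the second example (it is identical to the first), and guard the inputs, e.g. `{{- $user := required "oci_image_registry auth username is required" $imageCredentials.username }}`, with the same check for the password.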
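Review bot: The `imagePullSecrets` name comes from `index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name` with no check that the entry exists, so a chart that enables `manifests.secret_registry` and `auth.enabled` but has no key matching its chart name would presumably render `- name:` without a usable value, and the failure would only surface when pods cannot pull. Wrapping the lookup, e.g. `- name: {{ required "secrets.oci_image_registry entry missing for this chart" (index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name) }}`, turns that into a render-time error. The Secret manifest sets no `namespace` while this ServiceAccount uses `$saNamespace`, which is assigned outside the hunk; it is worth confirming the two always land in the same namespace, since a pull secret is only resolved in the pod's own namespace. The kube-dns ServiceAccount hunk later in this patch repeats the same unguarded lookup.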
--- a/ingress/Chart.yaml +++ b/ingress/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.42.0 description: OpenStack-Helm Ingress Controller name: ingress -version: 0.2.8 +version: 0.2.9 home: https://github.com/kubernetes/ingress sources: - https://github.com/kubernetes/ingress diff --git a/ingress/templates/secret-registry.yaml b/ingress/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ingress/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index e42d87833a..519536ac7a 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -204,6 +204,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ingress: + username: ingress + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ingress: hosts: default: ingress @@ -270,6 +285,8 @@ network_policy: - {} secrets: + oci_image_registry: + ingress: ingress-oci-image-registry-key tls: ingress: api: 
@@ -333,4 +350,5 @@ manifests: prometheus: service_exporter: true network_policy: false + secret_registry: true ... diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml index d2ef4f1e63..d71d8197c2 100644 --- a/kibana/Chart.yaml +++ b/kibana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Kibana name: kibana -version: 0.1.10 +version: 0.1.11 home: https://www.elastic.co/products/kibana sources: - https://github.com/elastic/kibana diff --git a/kibana/templates/secret-registry.yaml b/kibana/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/kibana/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index ac3d07c14a..58c0b79361 100644 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -140,6 +140,8 @@ network_policy: secrets: elasticsearch: user: kibana-elasticsearch-user + oci_image_registry: + kibana: kibana-oci-image-registry-key tls: kibana: kibana: 
@@ -330,6 +332,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kibana: + username: kibana + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -421,6 +438,7 @@ manifests: network_policy: false secret_elasticsearch: true secret_ingress_tls: true + secret_registry: true service: true service_ingress: true job_register_kibana_indexes: true diff --git a/kube-dns/Chart.yaml b/kube-dns/Chart.yaml index b6e6f64725..d38d877b42 100644 --- a/kube-dns/Chart.yaml +++ b/kube-dns/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.14.5 description: OpenStack-Helm Kube-DNS name: kube-dns -version: 0.1.4 +version: 0.1.5 home: https://github.com/coreos/flannel icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png sources: diff --git a/kube-dns/templates/secret-registry.yaml b/kube-dns/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/kube-dns/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/kube-dns/templates/serviceaccount-kube-dns.yaml b/kube-dns/templates/serviceaccount-kube-dns.yaml index c4cdf505c6..6c10146aaf 100644 --- a/kube-dns/templates/serviceaccount-kube-dns.yaml +++ b/kube-dns/templates/serviceaccount-kube-dns.yaml @@ -22,4 +22,10 @@ metadata: labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile +{{- if $envAll.Values.manifests.secret_registry }} +{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }} +imagePullSecrets: + - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }} +{{- end -}} +{{- end -}} {{- end }} diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index a90ad936eb..5608ef1e14 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml @@ -66,6 +66,10 @@ dependencies: kube_dns: services: null +secrets: + oci_image_registry: + kube-dns: kube-dns-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -80,12 +84,28 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kube-dns: + username: kube-dns + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true configmap_kube_dns: true deployment_kube_dns: true job_image_repo_sync: true + secret_registry: true service_kube_dns: true serviceaccount_kube_dns: true ... diff --git a/kubernetes-keystone-webhook/Chart.yaml b/kubernetes-keystone-webhook/Chart.yaml index 0131bf7aea..eb5d7a81bd 100644 --- a/kubernetes-keystone-webhook/Chart.yaml +++ b/kubernetes-keystone-webhook/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.2.0 description: OpenStack-Helm Kubernetes keystone webhook name: kubernetes-keystone-webhook -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/cloud-provider-openstack sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/kubernetes-keystone-webhook/templates/secret-registry.yaml b/kubernetes-keystone-webhook/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/kubernetes-keystone-webhook/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kubernetes-keystone-webhook/values.yaml b/kubernetes-keystone-webhook/values.yaml index dad4e929bc..a1374caf6c 100644 --- a/kubernetes-keystone-webhook/values.yaml +++ b/kubernetes-keystone-webhook/values.yaml 
@@ -478,9 +478,26 @@ secrets: admin: kubernetes-keystone-webhook-admin certificates: api: kubernetes-keystone-webhook-certs + oci_image_registry: + kubernetes-keystone-webhook: kubernetes-keystone-webhook-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kubernetes-keystone-webhook: + username: kubernetes-keystone-webhook + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kubernetes: auth: api: @@ -552,6 +569,7 @@ manifests: pod_test: true secret_certificates: true secret_keystone: true + secret_registry: true service_ingress_api: true service: true ... diff --git a/kubernetes-node-problem-detector/Chart.yaml b/kubernetes-node-problem-detector/Chart.yaml index b1d3f5b611..c9b1b6f8fa 100644 --- a/kubernetes-node-problem-detector/Chart.yaml +++ b/kubernetes-node-problem-detector/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Kubernetes Node Problem Detector name: kubernetes-node-problem-detector -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/node-problem-detector sources: - https://github.com/kubernetes/node-problem-detector diff --git a/kubernetes-node-problem-detector/templates/secret-registry.yaml b/kubernetes-node-problem-detector/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/kubernetes-node-problem-detector/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kubernetes-node-problem-detector/values.yaml b/kubernetes-node-problem-detector/values.yaml index 516ca1cc4e..5c3c617701 100644 --- a/kubernetes-node-problem-detector/values.yaml +++ b/kubernetes-node-problem-detector/values.yaml @@ -35,6 +35,10 @@ labels: node_selector_key: openstack-control-plane node_selector_value: enabled +secrets: + oci_image_registry: + kubernetes-node-problem-detector: kubernetes-node-problem-detector-oci-image-registry-key + pod: security_context: node_problem_detector: @@ -135,6 +139,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kubernetes-node-problem-detector: + username: kubernetes-node-problem-detector + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null node_problem_detector: name: node-problem-detector namespace: null @@ -153,6 +172,7 @@ manifests: configmap_etc: true daemonset: true job_image_repo_sync: true + secret_registry: true service: false conf: diff --git a/ldap/Chart.yaml b/ldap/Chart.yaml index 5fffb7ccd6..70d2073ec2 100644 --- a/ldap/Chart.yaml +++ b/ldap/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.2.0 description: OpenStack-Helm LDAP name: ldap -version: 0.1.3 +version: 0.1.4 home: https://www.openldap.org/ maintainers: - name: OpenStack-Helm Authors diff --git a/ldap/templates/secret-registry.yaml b/ldap/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ldap/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ldap/values.yaml b/ldap/values.yaml index 45b7a609b8..3e3544b2dc 100644 --- a/ldap/values.yaml +++ b/ldap/values.yaml @@ -137,6 +137,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ldap: + username: ldap + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ldap: hosts: default: ldap @@ -230,6 +245,8 @@ secrets: identity: admin: admin ldap: ldap + oci_image_registry: + ldap: ldap-oci-image-registry-key openldap: domain: cluster.local @@ -241,6 +258,7 @@ manifests: job_bootstrap: true job_image_repo_sync: true network_policy: false + secret_registry: true statefulset: true service: true ... 
diff --git a/libvirt/Chart.yaml b/libvirt/Chart.yaml index 462c56afb5..d17726e69a 100644 --- a/libvirt/Chart.yaml +++ b/libvirt/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm libvirt name: libvirt -version: 0.1.12 +version: 0.1.13 home: https://libvirt.org sources: - https://libvirt.org/git/?p=libvirt.git;a=summary diff --git a/libvirt/templates/secret-registry.yaml b/libvirt/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/libvirt/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/libvirt/values.yaml b/libvirt/values.yaml index 53ea05a0b7..1264fd614e 100644 --- a/libvirt/values.yaml +++ b/libvirt/values.yaml @@ -58,6 +58,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + libvirt: + username: libvirt + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null libvirt_exporter: port: metrics: 
@@ -237,8 +252,11 @@ manifests: daemonset_libvirt: true job_image_repo_sync: true network_policy: false + secret_registry: true secrets: + oci_image_registry: + libvirt: libvirt-oci-image-registry-key tls: server: libvirt-tls-server client: libvirt-tls-client diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml index de965d53ca..5e1f6e3627 100644 --- a/mariadb/Chart.yaml +++ b/mariadb/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v10.2.31 description: OpenStack-Helm MariaDB name: mariadb -version: 0.2.25 +version: 0.2.26 home: https://mariadb.com/kb/en/ icon: http://badges.mariadb.org/mariadb-badge-180x60.png sources: diff --git a/mariadb/templates/secret-registry.yaml b/mariadb/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/mariadb/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/mariadb/values.yaml b/mariadb/values.yaml index 6664b1d320..b2393eb3d8 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -496,6 +496,8 @@ secrets: mariadb: mariadb-backup-user mariadb: backup_restore: mariadb-backup-restore + oci_image_registry: + mariadb: mariadb-oci-image-registry-key tls: oslo_db: server: 
@@ -519,6 +521,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + mariadb: + username: mariadb + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -677,6 +694,7 @@ manifests: secret_dbaudit_password: true secret_backup_restore: false secret_etc: true + secret_registry: true service_discovery: true service_ingress: true service_error: true diff --git a/memcached/Chart.yaml b/memcached/Chart.yaml index c2cdd32dc5..7c7d652d7c 100644 --- a/memcached/Chart.yaml +++ b/memcached/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.5.5 description: OpenStack-Helm Memcached name: memcached -version: 0.1.11 +version: 0.1.12 home: https://github.com/memcached/memcached ... diff --git a/memcached/templates/secret-registry.yaml b/memcached/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/memcached/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/memcached/values.yaml b/memcached/values.yaml index f03a690141..b9e6339383 100644 
--- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -42,6 +42,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + memcached: memcached-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -56,6 +60,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + memcached: + username: memcached + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_cache: namespace: null host_fqdn_override: @@ -121,6 +140,7 @@ manifests: job_image_repo_sync: true network_policy: false service: true + secret_registry: true pod: security_context: diff --git a/metacontroller/Chart.yaml b/metacontroller/Chart.yaml index 26456fc829..d44f9b9428 100644 --- a/metacontroller/Chart.yaml +++ b/metacontroller/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.4.2 description: A Helm chart for Metacontroller name: metacontroller -version: 0.1.5 +version: 0.1.6 home: https://metacontroller.app/ keywords: - CRDs diff --git a/metacontroller/templates/secret-registry.yaml b/metacontroller/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/metacontroller/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/metacontroller/values.yaml b/metacontroller/values.yaml index 4a6210a403..4fdc35a79e 100644 --- a/metacontroller/values.yaml +++ b/metacontroller/values.yaml @@ -81,6 +81,10 @@ pod: readOnlyRootFilesystem: true allowPrivilegeEscalation: false +secrets: + oci_image_registry: + metacontroller: metacontroller-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -95,6 +99,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + metacontroller: + username: metacontroller + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null metacontroller: hosts: default: metacontroller @@ -105,6 +124,7 @@ endpoints: default: 8083 manifests: + secret_registry: true service: true statefulset: true job_image_repo_sync: true diff --git a/mongodb/Chart.yaml b/mongodb/Chart.yaml index 348eae41a5..d7fe37525e 100644 --- a/mongodb/Chart.yaml +++ b/mongodb/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.9 description: OpenStack-Helm MongoDB name: mongodb -version: 0.1.3 +version: 0.1.4 home: https://www.mongodb.com sources: - https://github.com/mongodb/mongo diff --git a/mongodb/templates/secret-registry.yaml b/mongodb/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/mongodb/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/mongodb/values.yaml b/mongodb/values.yaml index 5965123454..90167a0d8f 100644 --- a/mongodb/values.yaml +++ b/mongodb/values.yaml @@ -74,6 +74,10 @@ labels: node_selector_key: openstack-control-plane node_selector_value: enabled +secrets: + oci_image_registry: + mongodb: mongodb-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -88,6 +92,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + mongodb: + username: mongodb + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null mongodb: auth: admin: 
@@ -124,6 +143,7 @@ manifests: configmap_bin: true job_image_repo_sync: true secret_db_root_creds: true + secret_registry: true service: true statefulset: true ... diff --git a/nagios/Chart.yaml b/nagios/Chart.yaml index 29bbea242c..e45335cece 100644 --- a/nagios/Chart.yaml +++ b/nagios/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nagios name: nagios -version: 0.1.5 +version: 0.1.6 home: https://www.nagios.org sources: - https://opendev.org/openstack/openstack-helm-addons diff --git a/nagios/templates/secret-registry.yaml b/nagios/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/nagios/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/nagios/values.yaml b/nagios/values.yaml index 11632938e5..6c66e12bc6 100644 --- a/nagios/values.yaml +++ b/nagios/values.yaml @@ -63,6 +63,8 @@ dependencies: secrets: nagios: admin: nagios-admin-creds + oci_image_registry: + nagios: nagios-oci-image-registry-key tls: nagios: nagios: 
@@ -82,6 +84,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + nagios: + username: nagios + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus auth: @@ -295,6 +312,7 @@ manifests: pod_helm_test: true secret_nagios: true secret_ingress_tls: true + secret_registry: true service: true service_ingress: true diff --git a/nfs-provisioner/Chart.yaml b/nfs-provisioner/Chart.yaml index c848add71c..0a309408b7 100644 --- a/nfs-provisioner/Chart.yaml +++ b/nfs-provisioner/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.2.1 description: OpenStack-Helm NFS name: nfs-provisioner -version: 0.1.3 +version: 0.1.4 home: https://github.com/kubernetes-incubator/external-storage sources: - https://github.com/kubernetes-incubator/external-storage diff --git a/nfs-provisioner/templates/secret-registry.yaml b/nfs-provisioner/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/nfs-provisioner/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/nfs-provisioner/values.yaml b/nfs-provisioner/values.yaml index ad3e7538b4..4d929e6e15 100644 --- a/nfs-provisioner/values.yaml +++ b/nfs-provisioner/values.yaml @@ -102,6 +102,10 @@ dependencies: nfs: services: null +secrets: + oci_image_registry: + nfs-provisioner: nfs-provisioner-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -116,6 +120,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + nfs-provisioner: + username: nfs-provisioner + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null nfs: hosts: default: nfs-provisioner @@ -131,6 +150,7 @@ manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true storage_class: true volume_claim: true diff --git a/openvswitch/Chart.yaml b/openvswitch/Chart.yaml index 653c49ca0a..10f3fe0168 100644 --- a/openvswitch/Chart.yaml +++ b/openvswitch/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm OpenVSwitch name: openvswitch -version: 0.1.7 +version: 0.1.8 home: http://openvswitch.org icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/openvswitch/templates/secret-registry.yaml b/openvswitch/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/openvswitch/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml index c953a89906..5cbb30d43c 100644 --- a/openvswitch/values.yaml +++ b/openvswitch/values.yaml @@ -148,6 +148,10 @@ pod: nova: uid: 42424 +secrets: + oci_image_registry: + openvswitch: openvswitch-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -162,6 +166,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + openvswitch: + username: openvswitch + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null network_policy: openvswitch: @@ -198,6 +217,7 @@ manifests: daemonset_ovs_vswitchd: true job_image_repo_sync: true network_policy: false + secret_registry: true conf: openvswitch_db_server: diff --git a/postgresql/Chart.yaml b/postgresql/Chart.yaml index b71bd310d5..206ce96413 100644 --- a/postgresql/Chart.yaml +++ b/postgresql/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v9.6 description: OpenStack-Helm PostgreSQL name: postgresql -version: 0.1.15 +version: 0.1.16 home: https://www.postgresql.org sources: - https://github.com/postgres/postgres diff --git a/postgresql/templates/secret-registry.yaml b/postgresql/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/postgresql/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/postgresql/values.yaml b/postgresql/values.yaml index 2e6d4bda60..1df9275ca7 100644 --- a/postgresql/values.yaml +++ b/postgresql/values.yaml @@ -340,6 +340,8 @@ conf: description: "Time at which postmaster started" secrets: + oci_image_registry: + postgresql: postgresql-oci-image-registry-key postgresql: admin: postgresql-admin exporter: postgresql-exporter @@ -366,6 +368,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + postresql: + username: postresql + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null postgresql: auth: admin: 
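Review bot: The auth entry added under `endpoints.oci_image_registry` in postgresql/values.yaml is keyed `postresql` with `username: postresql`, while the chart name and the new `secrets.oci_image_registry` key in the same file are spelled `postgresql`. secret-registry.yaml passes `.Chart.Name` as `registryUser`, so the helm-toolkit helper presumably looks the credentials up under `auth.postgresql` and would not find this entry once `auth.enabled` is set. The two lines should read `postgresql:` and `username: postgresql`.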
@@ -459,6 +476,7 @@ manifests: secret_etc: true secret_audit: true secret_backup_restore: false + secret_registry: true service: true statefulset: true cron_job_postgresql_backup: false diff --git a/powerdns/Chart.yaml b/powerdns/Chart.yaml index 2d3d02b219..16e908c2bb 100644 --- a/powerdns/Chart.yaml +++ b/powerdns/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v4.1.10 description: OpenStack-Helm PowerDNS name: powerdns -version: 0.1.5 +version: 0.1.6 home: https://www.powerdns.com/ maintainers: - name: OpenStack-Helm Authors diff --git a/powerdns/templates/secret-registry.yaml b/powerdns/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/powerdns/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/powerdns/values.yaml b/powerdns/values.yaml index 1961c6c784..91a4cde70c 100644 --- a/powerdns/values.yaml +++ b/powerdns/values.yaml 
@@ -135,6 +135,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + powerdns: + username: powerdns + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null powerdns: auth: service: @@ -170,6 +185,8 @@ endpoints: default: 3306 secrets: + oci_image_registry: + powerdns: powerdns-oci-image-registry-key oslo_db: admin: powerdns-db-admin powerdns: powerdns-db-user @@ -199,6 +216,7 @@ manifests: job_db_init: true job_db_sync: true secret_db: true + secret_registry: true service_dns: true service_api: false ... diff --git a/prometheus-alertmanager/Chart.yaml b/prometheus-alertmanager/Chart.yaml index 162cd82863..c197e47525 100644 --- a/prometheus-alertmanager/Chart.yaml +++ b/prometheus-alertmanager/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.20.0 description: OpenStack-Helm Alertmanager for Prometheus name: prometheus-alertmanager -version: 0.1.8 +version: 0.1.9 home: https://prometheus.io/docs/alerting/alertmanager/ sources: - https://github.com/prometheus/alertmanager diff --git a/prometheus-alertmanager/templates/secret-registry.yaml b/prometheus-alertmanager/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/prometheus-alertmanager/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-alertmanager/values.yaml b/prometheus-alertmanager/values.yaml index 1a005e340e..0450422578 100644 --- a/prometheus-alertmanager/values.yaml +++ b/prometheus-alertmanager/values.yaml @@ -114,6 +114,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-alertmanager: + username: prometheus-alertmanager + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null alertmanager: name: prometheus-alertmanager namespace: null @@ -194,6 +209,8 @@ network: port: 30903 secrets: + oci_image_registry: + prometheus-alertmanager: prometheus-alertmanager-oci-image-registry-key tls: alertmanager: alertmanager: @@ -217,6 +234,7 @@ manifests: network_policy: false secret_admin_user: true secret_ingress_tls: true + secret_registry: true service: true service_discovery: true service_ingress: true diff --git a/prometheus-blackbox-exporter/Chart.yaml b/prometheus-blackbox-exporter/Chart.yaml index 5acdd512c8..afd7f7c536 100644 --- a/prometheus-blackbox-exporter/Chart.yaml +++ b/prometheus-blackbox-exporter/Chart.yaml 
@@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v0.16.0 description: OpenStack-Helm blackbox exporter for Prometheus name: prometheus-blackbox-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/prometheus/blackbox_exporter sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/prometheus-blackbox-exporter/templates/secret-registry.yaml b/prometheus-blackbox-exporter/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/prometheus-blackbox-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-blackbox-exporter/values.yaml b/prometheus-blackbox-exporter/values.yaml index 627aa4c10d..80eb75dd23 100644 --- a/prometheus-blackbox-exporter/values.yaml +++ b/prometheus-blackbox-exporter/values.yaml 
@@ -30,8 +30,27 @@ service: annotations: {} port: 9115 +secrets: + oci_image_registry: + prometheus-blackbox-exporter: prometheus-blackbox-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-blackbox-exporter: + username: prometheus-blackbox-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null prometheus_blackbox_exporter: namespace: null hosts: @@ -118,4 +137,7 @@ config: valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] no_follow_redirects: false preferred_ip_protocol: "ip4" + +manifests: + secret_registry: true ... diff --git a/prometheus-kube-state-metrics/Chart.yaml b/prometheus-kube-state-metrics/Chart.yaml index f5c035392e..f61ec5e204 100644 --- a/prometheus-kube-state-metrics/Chart.yaml +++ b/prometheus-kube-state-metrics/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.3.1 description: OpenStack-Helm Kube-State-Metrics for Prometheus name: prometheus-kube-state-metrics -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics diff --git a/prometheus-kube-state-metrics/templates/secret-registry.yaml b/prometheus-kube-state-metrics/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/prometheus-kube-state-metrics/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-kube-state-metrics/values.yaml b/prometheus-kube-state-metrics/values.yaml index 283062f64c..1e7d437e24 100644 --- a/prometheus-kube-state-metrics/values.yaml +++ b/prometheus-kube-state-metrics/values.yaml @@ -113,6 +113,10 @@ dependencies: kube_state_metrics: services: null +secrets: + oci_image_registry: + prometheus-kube-state-metrics: prometheus-kube-state-metrics-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -127,6 +131,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-kube-state-metrics: + username: prometheus-kube-state-metrics + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kube_state_metrics: namespace: null hosts: @@ -179,6 +198,7 @@ manifests: deployment: true job_image_repo_sync: true network_policy: false + secret_registry: true service_kube_state_metrics: true service_controller_manager: true service_scheduler: true 
diff --git a/prometheus-node-exporter/Chart.yaml b/prometheus-node-exporter/Chart.yaml index fee63ead26..d6ffa6ecb0 100644 --- a/prometheus-node-exporter/Chart.yaml +++ b/prometheus-node-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.18.1 description: OpenStack-Helm Node Exporter for Prometheus name: prometheus-node-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/prometheus/node_exporter sources: - https://github.com/prometheus/node_exporter diff --git a/prometheus-node-exporter/templates/secret-registry.yaml b/prometheus-node-exporter/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/prometheus-node-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-node-exporter/values.yaml b/prometheus-node-exporter/values.yaml index b4fe17b1f3..f1c45d6d26 100644 --- a/prometheus-node-exporter/values.yaml +++ b/prometheus-node-exporter/values.yaml @@ -113,6 +113,10 @@ monitoring: node_exporter: scrape: true +secrets: + oci_image_registry: + prometheus-node-exporter: prometheus-node-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -127,6 +131,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-node-exporter: + username: prometheus-node-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null node_metrics: namespace: null hosts: @@ -145,6 +164,7 @@ manifests: configmap_bin: true daemonset: true job_image_repo_sync: true + secret_registry: true service: true conf: diff --git a/prometheus-openstack-exporter/Chart.yaml b/prometheus-openstack-exporter/Chart.yaml index 8efd749af7..384ec1a6a3 100644 --- a/prometheus-openstack-exporter/Chart.yaml +++ b/prometheus-openstack-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack Metrics Exporter for Prometheus name: prometheus-openstack-exporter -version: 0.1.6 +version: 0.1.7 home: https://github.com/openstack/openstack-helm-infra sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/prometheus-openstack-exporter/templates/secret-registry.yaml b/prometheus-openstack-exporter/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/prometheus-openstack-exporter/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index bcb97421a4..c5316a562d 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -134,6 +134,8 @@ secrets: identity: admin: prometheus-openstack-exporter-keystone-admin user: prometheus-openstack-exporter-keystone-user + oci_image_registry: + prometheus-openstack-exporter: prometheus-openstack-exporter-oci-image-registry-key tls: identity: api: @@ -157,6 +159,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-openstack-exporter: + username: prometheus-openstack-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null prometheus_openstack_exporter: namespace: null hosts: @@ -227,5 +244,6 @@ manifests: job_ks_user: true network_policy: false secret_keystone: true + secret_registry: true service: true ... diff --git a/prometheus-process-exporter/Chart.yaml b/prometheus-process-exporter/Chart.yaml index 1c1b43ebd4..8b1c76f812 100644 
--- a/prometheus-process-exporter/Chart.yaml +++ b/prometheus-process-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.2.11 description: OpenStack-Helm Process Exporter for Prometheus name: prometheus-process-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/openstack/openstack-helm-infra sources: - https://github.com/ncabatoff/process-exporter diff --git a/prometheus-process-exporter/templates/secret-registry.yaml b/prometheus-process-exporter/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/prometheus-process-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-process-exporter/values.yaml b/prometheus-process-exporter/values.yaml index a5837c5295..5cb99be031 100644 --- a/prometheus-process-exporter/values.yaml +++ b/prometheus-process-exporter/values.yaml @@ -115,6 +115,10 @@ monitoring: process_exporter: scrape: true +secrets: + oci_image_registry: + prometheus-process-exporter: prometheus-process-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
@@ -129,6 +133,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-process-exporter: + username: prometheus-process-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null process_exporter_metrics: namespace: null hosts: @@ -154,6 +173,7 @@ manifests: configmap_bin: true daemonset: true job_image_repo_sync: true + secret_registry: true service: true conf: diff --git a/prometheus/Chart.yaml b/prometheus/Chart.yaml index d7f49ad8e2..3413aeee7a 100644 --- a/prometheus/Chart.yaml +++ b/prometheus/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.25.0 description: OpenStack-Helm Prometheus name: prometheus -version: 0.1.12 +version: 0.1.13 home: https://prometheus.io/ sources: - https://github.com/prometheus/prometheus diff --git a/prometheus/templates/secret-registry.yaml b/prometheus/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/prometheus/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} 
diff --git a/prometheus/values.yaml b/prometheus/values.yaml index 142e758847..5872f17398 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -137,6 +137,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus: + username: prometheus + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -257,6 +272,8 @@ network_policy: - {} secrets: + oci_image_registry: + prometheus: prometheus-oci-image-registry-key tls: monitoring: prometheus: @@ -302,6 +319,7 @@ manifests: network_policy: true secret_ingress_tls: true secret_prometheus: true + secret_registry: true service_ingress: true service: true statefulset_prometheus: true diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml index b6b99f135d..1af35a358d 100644 --- a/rabbitmq/Chart.yaml +++ b/rabbitmq/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v3.9.0 description: OpenStack-Helm RabbitMQ name: rabbitmq -version: 0.1.23 +version: 0.1.24 home: https://github.com/rabbitmq/rabbitmq-server ... diff --git a/rabbitmq/templates/secret-registry.yaml b/rabbitmq/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/rabbitmq/templates/secret-registry.yaml 
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 569b2834e5..23b1266f19 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml @@ -269,6 +269,8 @@ network: nginx.ingress.kubernetes.io/rewrite-target: / secrets: + oci_image_registry: + rabbitmq: rabbitmq-oci-image-registry-key tls: oslo_messaging: server: @@ -291,6 +293,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + rabbitmq: + username: rabbitmq + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -406,6 +423,7 @@ manifests: pod_test: true secret_admin_user: true secret_erlang_cookie: true + secret_registry: true service_discovery: true service_ingress_management: true service: true diff --git a/redis/Chart.yaml b/redis/Chart.yaml index 589e52ab43..8f13833a66 100644 --- a/redis/Chart.yaml +++ b/redis/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v4.0.1 description: OpenStack-Helm Redis name: redis -version: 0.1.3 +version: 0.1.4 home: https://github.com/redis/redis ... 
diff --git a/redis/templates/secret-registry.yaml b/redis/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/redis/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/redis/values.yaml b/redis/values.yaml index 648a67014f..03b13b04c0 100644 --- a/redis/values.yaml +++ b/redis/values.yaml @@ -104,6 +104,10 @@ dependencies: redis: services: null +secrets: + oci_image_registry: + redis: redis-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -118,11 +122,27 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + redis: + username: redis + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true helm_tests: true ... diff --git a/registry/Chart.yaml b/registry/Chart.yaml index ed6d879984..d94c2b20ed 100644 --- a/registry/Chart.yaml +++ b/registry/Chart.yaml 
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.0.0 description: OpenStack-Helm Docker Registry name: registry -version: 0.1.5 +version: 0.1.6 home: https://github.com/kubernetes/ingress sources: - https://opendev.org/openstack/openstack-helm diff --git a/registry/templates/secret-registry.yaml b/registry/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/registry/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/registry/values.yaml b/registry/values.yaml index 4dfd7380cf..c2f23244db 100644 --- a/registry/values.yaml +++ b/registry/values.yaml @@ -163,6 +163,10 @@ dependencies: - endpoint: internal service: docker_registry +secrets: + oci_image_registry: + registry: registry-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -177,6 +181,21 @@ endpoints: port: registry: default: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + registry: + username: registry + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null docker_registry: name: docker-registry namespace: docker-registry 
@@ -207,5 +226,6 @@ manifests: job_bootstrap: true job_image_repo_sync: true pvc_images: true + secret_registry: true service_registry: true ... diff --git a/releasenotes/notes/calico.yaml b/releasenotes/notes/calico.yaml index f27ff2c323..de4bcda5e9 100644 --- a/releasenotes/notes/calico.yaml +++ b/releasenotes/notes/calico.yaml @@ -5,4 +5,5 @@ calico: - 0.1.2 Use full image ref for docker official images - 0.1.3 Helm 3 - Fix Job labels - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-client.yaml b/releasenotes/notes/ceph-client.yaml index 14cea71440..a504d8cc37 100644 --- a/releasenotes/notes/ceph-client.yaml +++ b/releasenotes/notes/ceph-client.yaml @@ -37,4 +37,5 @@ ceph-client: - 0.1.34 Migrated CronJob resource to batch/v1 API version - 0.1.35 Handle multiple mon versions in the pool job - 0.1.36 Add the ability to run Ceph commands from values + - 0.1.37 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-mon.yaml b/releasenotes/notes/ceph-mon.yaml index 1a3668960c..124d5c7c19 100644 --- a/releasenotes/notes/ceph-mon.yaml +++ b/releasenotes/notes/ceph-mon.yaml @@ -26,4 +26,5 @@ ceph-mon: - 0.1.23 Release-specific ceph-template configmap name - 0.1.24 Prevents mgr SA from repeated creation - 0.1.25 Allow for unconditional mon restart + - 0.1.26 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-osd.yaml b/releasenotes/notes/ceph-osd.yaml index 913a16d4fd..040531f486 100644 --- a/releasenotes/notes/ceph-osd.yaml +++ b/releasenotes/notes/ceph-osd.yaml @@ -42,4 +42,5 @@ ceph-osd: - 0.1.39 Allow for unconditional OSD restart - 0.1.40 Remove udev interactions from osd-init - 0.1.41 Remove ceph-mon dependency in ceph-osd liveness probe + - 0.1.42 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-provisioners.yaml b/releasenotes/notes/ceph-provisioners.yaml index fec0417c35..5ce296dbd6 100644 
--- a/releasenotes/notes/ceph-provisioners.yaml +++ b/releasenotes/notes/ceph-provisioners.yaml @@ -20,4 +20,5 @@ ceph-provisioners: - 0.1.18 Update CSI images & fix ceph csi provisioner RBAC - 0.1.19 Add pods watch and list permissions to cluster role - 0.1.20 Add missing CRDs for volume snapshots (classes, contents) + - 0.1.21 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-rgw.yaml b/releasenotes/notes/ceph-rgw.yaml index 5ce097a921..8d953344b8 100644 --- a/releasenotes/notes/ceph-rgw.yaml +++ b/releasenotes/notes/ceph-rgw.yaml @@ -23,4 +23,5 @@ ceph-rgw: - 0.1.20 Enable taint toleration for Openstack services jobs - 0.1.21 Correct mon discovery for multiple RGWs in different NS - 0.1.22 Update default image values + - 0.1.23 Added OCI registry authentication ... diff --git a/releasenotes/notes/cert-rotation.yaml b/releasenotes/notes/cert-rotation.yaml index 5710202521..8ada06b25f 100644 --- a/releasenotes/notes/cert-rotation.yaml +++ b/releasenotes/notes/cert-rotation.yaml @@ -6,4 +6,5 @@ cert-rotation: - 0.1.3 Update htk requirements - 0.1.4 Consider initContainers when restarting resources - 0.1.5 Migrated CronJob resource to batch/v1 API version + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/daemonjob-controller.yaml b/releasenotes/notes/daemonjob-controller.yaml index c953f47f7a..5098de0991 100644 --- a/releasenotes/notes/daemonjob-controller.yaml +++ b/releasenotes/notes/daemonjob-controller.yaml @@ -6,4 +6,5 @@ daemonjob-controller: - 0.1.3 Update to container image repo k8s.gcr.io - 0.1.4 Use full image ref for docker official images - 0.1.5 Update htk requirements + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-apm-server.yaml b/releasenotes/notes/elastic-apm-server.yaml index efe91b82ee..c58f5ad918 100644 --- a/releasenotes/notes/elastic-apm-server.yaml +++ b/releasenotes/notes/elastic-apm-server.yaml 
@@ -4,4 +4,5 @@ elastic-apm-server: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-filebeat.yaml b/releasenotes/notes/elastic-filebeat.yaml index fe6f788475..19e7524514 100644 --- a/releasenotes/notes/elastic-filebeat.yaml +++ b/releasenotes/notes/elastic-filebeat.yaml @@ -4,4 +4,5 @@ elastic-filebeat: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-metricbeat.yaml b/releasenotes/notes/elastic-metricbeat.yaml index f6ed94f3f8..1da5441a3f 100644 --- a/releasenotes/notes/elastic-metricbeat.yaml +++ b/releasenotes/notes/elastic-metricbeat.yaml @@ -5,4 +5,5 @@ elastic-metricbeat: - 0.1.2 Update RBAC apiVersion from /v1beta1 to /v1 - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-packetbeat.yaml b/releasenotes/notes/elastic-packetbeat.yaml index 79f199a000..b40d4188fd 100644 --- a/releasenotes/notes/elastic-packetbeat.yaml +++ b/releasenotes/notes/elastic-packetbeat.yaml @@ -4,4 +4,5 @@ elastic-packetbeat: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elasticsearch.yaml b/releasenotes/notes/elasticsearch.yaml index 0675888b46..1c6aa4ee5b 100644 --- a/releasenotes/notes/elasticsearch.yaml +++ b/releasenotes/notes/elasticsearch.yaml 
@@ -30,4 +30,5 @@ elasticsearch: - 0.2.18 Update default image value to Wallaby - 0.2.19 Migrated CronJob resource to batch/v1 API version - 0.2.20 Set default python for helm test + - 0.2.21 Added OCI registry authentication ... diff --git a/releasenotes/notes/etcd.yaml b/releasenotes/notes/etcd.yaml index a6c7493045..54935db4b1 100644 --- a/releasenotes/notes/etcd.yaml +++ b/releasenotes/notes/etcd.yaml @@ -5,4 +5,5 @@ etcd: - 0.1.2 Update to container image repo k8s.gcr.io - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/falco.yaml b/releasenotes/notes/falco.yaml index a91458e714..db46fc28ce 100644 --- a/releasenotes/notes/falco.yaml +++ b/releasenotes/notes/falco.yaml @@ -7,4 +7,5 @@ falco: - 0.1.4 Remove kafka residue - 0.1.5 Use full image ref for docker official images - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/flannel.yaml b/releasenotes/notes/flannel.yaml index f3b0213109..a1279453a4 100644 --- a/releasenotes/notes/flannel.yaml +++ b/releasenotes/notes/flannel.yaml @@ -4,4 +4,5 @@ flannel: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/fluentbit.yaml b/releasenotes/notes/fluentbit.yaml index ecdcc0e5d5..3832669df7 100644 --- a/releasenotes/notes/fluentbit.yaml +++ b/releasenotes/notes/fluentbit.yaml @@ -4,4 +4,5 @@ fluentbit: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/fluentd.yaml b/releasenotes/notes/fluentd.yaml index 7a3b877be6..b0c5e088d3 100644 --- a/releasenotes/notes/fluentd.yaml 
+++ b/releasenotes/notes/fluentd.yaml @@ -8,4 +8,5 @@ fluentd: - 0.1.5 Kafka brokers defined as a list with port "kafka1:9092,kafka2:9020,kafka3:9092" - 0.1.6 Update htk requirements - 0.1.7 Update default image values to Wallaby + - 0.1.8 Added OCI registry authentication ... diff --git a/releasenotes/notes/grafana.yaml b/releasenotes/notes/grafana.yaml index 6e02053234..20c41cfbd2 100644 --- a/releasenotes/notes/grafana.yaml +++ b/releasenotes/notes/grafana.yaml @@ -15,4 +15,5 @@ grafana: - 0.1.12 Add iDRAC dashboard to Grafana - 0.1.13 Update prometheus metric name - 0.1.14 Add run migrator job + - 0.1.15 Added OCI registry authentication ... diff --git a/releasenotes/notes/helm-toolkit.yaml b/releasenotes/notes/helm-toolkit.yaml index f592c60111..b0b8284428 100644 --- a/releasenotes/notes/helm-toolkit.yaml +++ b/releasenotes/notes/helm-toolkit.yaml @@ -50,4 +50,5 @@ helm-toolkit: - 0.2.41 Database B/R - archive name parser added - 0.2.42 Database B/R - fix to make script compliant with a retention policy - 0.2.43 Support having a single external ingress controller + - 0.2.44 Added OCI registry authentication ... diff --git a/releasenotes/notes/ingress.yaml b/releasenotes/notes/ingress.yaml index f1d9295368..d69ce41d52 100644 --- a/releasenotes/notes/ingress.yaml +++ b/releasenotes/notes/ingress.yaml @@ -12,4 +12,5 @@ ingress: - 0.2.6 Add option to assign VIP as externalIP - 0.2.7 Enable taint toleration for Openstack services jobs - 0.2.8 Uplift ingress to 1.1.3 + - 0.2.9 Added OCI registry authentication ... diff --git a/releasenotes/notes/kibana.yaml b/releasenotes/notes/kibana.yaml index ef95566bf6..3ce9dc4438 100644 --- a/releasenotes/notes/kibana.yaml +++ b/releasenotes/notes/kibana.yaml @@ -11,4 +11,5 @@ kibana: - 0.1.8 Update htk requirements - 0.1.9 Revert removing Kibana indices before pod start up - 0.1.10 Update image defaults + - 0.1.11 Added OCI registry authentication ... 
diff --git a/releasenotes/notes/kube-dns.yaml b/releasenotes/notes/kube-dns.yaml index 388471dc0a..6fb5bba1c8 100644 --- a/releasenotes/notes/kube-dns.yaml +++ b/releasenotes/notes/kube-dns.yaml @@ -5,4 +5,5 @@ kube-dns: - 0.1.2 Update to container image repo k8s.gcr.io - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/kubernetes-keystone-webhook.yaml b/releasenotes/notes/kubernetes-keystone-webhook.yaml index 44bcabad3d..84be358b0b 100644 --- a/releasenotes/notes/kubernetes-keystone-webhook.yaml +++ b/releasenotes/notes/kubernetes-keystone-webhook.yaml @@ -7,4 +7,5 @@ kubernetes-keystone-webhook: - 0.1.4 Use full image ref for docker official images - 0.1.5 Update htk requirements - 0.1.6 Update default image value to Wallaby + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/kubernetes-node-problem-detector.yaml b/releasenotes/notes/kubernetes-node-problem-detector.yaml index 82dcac7c66..fe193ad842 100644 --- a/releasenotes/notes/kubernetes-node-problem-detector.yaml +++ b/releasenotes/notes/kubernetes-node-problem-detector.yaml @@ -7,4 +7,5 @@ kubernetes-node-problem-detector: - 0.1.4 Update the systemd-monitor lookback duration - 0.1.5 Use full image ref for docker official images - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/ldap.yaml b/releasenotes/notes/ldap.yaml index b56d8302a6..27709bd25b 100644 --- a/releasenotes/notes/ldap.yaml +++ b/releasenotes/notes/ldap.yaml @@ -4,4 +4,5 @@ ldap: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/libvirt.yaml b/releasenotes/notes/libvirt.yaml index cba980311b..6e11b52851 100644 --- a/releasenotes/notes/libvirt.yaml 
+++ b/releasenotes/notes/libvirt.yaml @@ -13,4 +13,5 @@ libvirt: - 0.1.10 Enable taint toleration for Openstack services jobs - 0.1.11 Remove unused overrides and update default image - 0.1.12 Add libvirt exporter as a sidecar + - 0.1.13 Added OCI registry authentication ... diff --git a/releasenotes/notes/mariadb.yaml b/releasenotes/notes/mariadb.yaml index bece0b48f0..b89d29ad5a 100644 --- a/releasenotes/notes/mariadb.yaml +++ b/releasenotes/notes/mariadb.yaml @@ -41,4 +41,5 @@ mariadb: - 0.2.23 Fix backup script by ignoring sys database for MariaDB 10.6 compartibility - 0.2.24 Uplift Mariadb-ingress to 1.2.0 - 0.2.25 Add liveness probe to restart a pod that got stuck in a transfer wsrep_local_state_comment + - 0.2.26 Added OCI registry authentication ... diff --git a/releasenotes/notes/memcached.yaml b/releasenotes/notes/memcached.yaml index 1b680f7985..01f426978d 100644 --- a/releasenotes/notes/memcached.yaml +++ b/releasenotes/notes/memcached.yaml @@ -12,4 +12,5 @@ memcached: - 0.1.9 Revert naming for subchart compatibility - 0.1.10 Updated naming for subchart compatibility - 0.1.11 Remove gnocchi netpol override + - 0.1.12 Added OCI registry authentication ... diff --git a/releasenotes/notes/metacontroller.yaml b/releasenotes/notes/metacontroller.yaml index ad153fdfd1..29f560379f 100644 --- a/releasenotes/notes/metacontroller.yaml +++ b/releasenotes/notes/metacontroller.yaml @@ -6,4 +6,5 @@ metacontroller: - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements - 0.1.5 Fix field validation error + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/mongodb.yaml b/releasenotes/notes/mongodb.yaml index 45fb4122b5..30f2bb1faa 100644 --- a/releasenotes/notes/mongodb.yaml +++ b/releasenotes/notes/mongodb.yaml 
@@ -4,4 +4,5 @@ mongodb:
 - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
 - 0.1.2 Use full image ref for docker official images
 - 0.1.3 Update htk requirements
+ - 0.1.4 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/nagios.yaml b/releasenotes/notes/nagios.yaml
index 8984e836ae..965d487f8f 100644
--- a/releasenotes/notes/nagios.yaml
+++ b/releasenotes/notes/nagios.yaml
@@ -6,4 +6,5 @@ nagios:
 - 0.1.3 Mount internal TLS CA certificate
 - 0.1.4 Update htk requirements
 - 0.1.5 Switch nagios image from xenial to bionic
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/nfs-provisioner.yaml b/releasenotes/notes/nfs-provisioner.yaml
index f47a9a42b8..e62ee39f42 100644
--- a/releasenotes/notes/nfs-provisioner.yaml
+++ b/releasenotes/notes/nfs-provisioner.yaml
@@ -4,4 +4,5 @@ nfs-provisioner:
 - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
 - 0.1.2 Use full image ref for docker official images
 - 0.1.3 Update htk requirements
+ - 0.1.4 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/openvswitch.yaml b/releasenotes/notes/openvswitch.yaml
index 637db0ac26..31d723a782 100644
--- a/releasenotes/notes/openvswitch.yaml
+++ b/releasenotes/notes/openvswitch.yaml
@@ -8,4 +8,5 @@ openvswitch:
 - 0.1.5 Use full image ref for docker official images
 - 0.1.6 Update htk requirements
 - 0.1.7 Enable taint toleration for Openstack services jobs
+ - 0.1.8 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/postgresql.yaml b/releasenotes/notes/postgresql.yaml
index 9cc70aad4f..0ea3f78981 100644
--- a/releasenotes/notes/postgresql.yaml
+++ b/releasenotes/notes/postgresql.yaml
@@ -16,4 +16,5 @@ postgresql:
 - 0.1.13 Remove set -x
 - 0.1.14 Fix invalid fields in values
 - 0.1.15 Migrated CronJob resource to batch/v1 API version
+ - 0.1.16 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/powerdns.yaml b/releasenotes/notes/powerdns.yaml
index 76aa39b1e3..dba98a5774 100644
--- a/releasenotes/notes/powerdns.yaml
+++ b/releasenotes/notes/powerdns.yaml
@@ -6,4 +6,5 @@ powerdns:
 - 0.1.3 Helm 3 - Fix Job labels
 - 0.1.4 Update htk requirements
 - 0.1.5 Update default image values
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-alertmanager.yaml b/releasenotes/notes/prometheus-alertmanager.yaml
index a52bf98782..dd4583aa82 100644
--- a/releasenotes/notes/prometheus-alertmanager.yaml
+++ b/releasenotes/notes/prometheus-alertmanager.yaml
@@ -9,4 +9,5 @@ prometheus-alertmanager:
 - 0.1.6 Remove Alerta from openstack-helm-infra repository
 - 0.1.7 Use full image ref for docker official images
 - 0.1.8 Update htk requirements
+ - 0.1.9 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-blackbox-exporter.yaml b/releasenotes/notes/prometheus-blackbox-exporter.yaml
index d75df85695..7b3b82658e 100644
--- a/releasenotes/notes/prometheus-blackbox-exporter.yaml
+++ b/releasenotes/notes/prometheus-blackbox-exporter.yaml
@@ -5,4 +5,5 @@ prometheus-blackbox-exporter:
 - 0.1.2 Rename image key name
 - 0.1.3 Update htk requirements
 - 0.1.4 Fix indentation
+ - 0.1.5 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-kube-state-metrics.yaml b/releasenotes/notes/prometheus-kube-state-metrics.yaml
index ab6ffcd20d..3c90943019 100644
--- a/releasenotes/notes/prometheus-kube-state-metrics.yaml
+++ b/releasenotes/notes/prometheus-kube-state-metrics.yaml
@@ -7,4 +7,5 @@ prometheus-kube-state-metrics:
 - 0.1.4 Use full image ref for docker official images
 - 0.1.5 Fix helm3 compatability
 - 0.1.6 Update htk requirements
+ - 0.1.7 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-node-exporter.yaml b/releasenotes/notes/prometheus-node-exporter.yaml
index 3afa2fc041..fe33351295 100644
--- a/releasenotes/notes/prometheus-node-exporter.yaml
+++ b/releasenotes/notes/prometheus-node-exporter.yaml
@@ -5,4 +5,5 @@ prometheus-node-exporter:
 - 0.1.2 Add possibility to use overrides for some charts
 - 0.1.3 Use full image ref for docker official images
 - 0.1.4 Update htk requirements
+ - 0.1.5 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-openstack-exporter.yaml b/releasenotes/notes/prometheus-openstack-exporter.yaml
index da3051883e..061a8ecda9 100644
--- a/releasenotes/notes/prometheus-openstack-exporter.yaml
+++ b/releasenotes/notes/prometheus-openstack-exporter.yaml
@@ -7,4 +7,5 @@ prometheus-openstack-exporter:
 - 0.1.4 Use full image ref for docker official images
 - 0.1.5 Helm 3 - Fix Job labels
 - 0.1.6 Update htk requirements
+ - 0.1.7 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus-process-exporter.yaml b/releasenotes/notes/prometheus-process-exporter.yaml
index a173a56a83..665955cd91 100644
--- a/releasenotes/notes/prometheus-process-exporter.yaml
+++ b/releasenotes/notes/prometheus-process-exporter.yaml
@@ -5,4 +5,5 @@ prometheus-process-exporter:
 - 0.1.2 Fix values_overrides directory naming
 - 0.1.3 Use full image ref for docker official images
 - 0.1.4 Update htk requirements
+ - 0.1.5 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/prometheus.yaml b/releasenotes/notes/prometheus.yaml
index f6c23da3e5..0e38e442d0 100644
--- a/releasenotes/notes/prometheus.yaml
+++ b/releasenotes/notes/prometheus.yaml
@@ -13,4 +13,5 @@ prometheus:
 - 0.1.10 Use full image ref for docker official images
 - 0.1.11 Update htk requirements
 - 0.1.12 Update default image value to Wallaby
+ - 0.1.13 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/rabbitmq.yaml b/releasenotes/notes/rabbitmq.yaml
index ca13949236..4b77eff273 100644
--- a/releasenotes/notes/rabbitmq.yaml
+++ b/releasenotes/notes/rabbitmq.yaml
@@ -23,4 +23,5 @@ rabbitmq:
 - 0.1.21 Updated naming for subchart compatibility
 - 0.1.22 Remove guest admin account
 - 0.1.23 Fixed guest account removal
+ - 0.1.24 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/redis.yaml b/releasenotes/notes/redis.yaml
index 282de9215f..d7dfc32192 100644
--- a/releasenotes/notes/redis.yaml
+++ b/releasenotes/notes/redis.yaml
@@ -4,4 +4,5 @@ redis:
 - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
 - 0.1.2 Use full image ref for docker official images
 - 0.1.3 Update htk requirements
+ - 0.1.4 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/registry.yaml b/releasenotes/notes/registry.yaml
index 1ababbda37..a8dd8faeb8 100644
--- a/releasenotes/notes/registry.yaml
+++ b/releasenotes/notes/registry.yaml
@@ -6,4 +6,5 @@ registry:
 - 0.1.3 Use full image ref for docker official images
 - 0.1.4 Helm 3 - Fix Job labels
 - 0.1.5 Update htk requirements
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/releasenotes/notes/shaker.yaml b/releasenotes/notes/shaker.yaml
index ea9a402e6a..e5f949f4b4 100644
--- a/releasenotes/notes/shaker.yaml
+++ b/releasenotes/notes/shaker.yaml
@@ -6,4 +6,5 @@ shaker:
 - 0.1.3 Fix helm3 linting issue
 - 0.1.4 Update htk requirements
 - 0.1.5 Update default image value
+ - 0.1.6 Added OCI registry authentication
 ...
diff --git a/shaker/Chart.yaml b/shaker/Chart.yaml
index 8722c8df98..0a46988b16 100644
--- a/shaker/Chart.yaml
+++ b/shaker/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Shaker
 name: shaker
-version: 0.1.5
+version: 0.1.6
 home: https://pyshaker.readthedocs.io/en/latest/index.html
 icon: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTlnnEExfz6H9bBFFDxsDm5mVTdKWOt6Hw2_3aJ7hVkNdDdTCrimQ
 sources:
diff --git a/shaker/templates/secret-registry.yaml b/shaker/templates/secret-registry.yaml
new file mode 100644
index 0000000000..da979b3223
--- /dev/null
+++ b/shaker/templates/secret-registry.yaml
@@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/shaker/values.yaml b/shaker/values.yaml index cdd38a43f2..4c656108f1 100644 --- a/shaker/values.yaml +++ b/shaker/values.yaml @@ -172,6 +172,8 @@ secrets: identity: admin: shaker-keystone-admin shaker: shaker-keystone-user + oci_image_registry: + shaker: shaker-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local @@ -187,6 +189,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + shaker: + username: shaker + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -248,4 +265,5 @@ manifests: pod_shaker_test: true service_shaker: true secret_keystone: true + secret_registry: true ...
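Review bot: The `include` line in shaker/templates/secret-registry.yaml passes `"registryUser" .Chart.Name`, but nothing in the template says which values keys that name has to line up with. Judging by the values.yaml hunks of this commit it appears to select `endpoints.oci_image_registry.auth.shaker` and `secrets.oci_image_registry.shaker`; the helm-toolkit helper is not shown here, so that coupling is inferred. A short template comment above the `if` would make it explicit, for example `{{/* registryUser (.Chart.Name) must match the key under endpoints.oci_image_registry.auth and secrets.oci_image_registry */}}`, so that a renamed chart or an override using a different key is noticed at review time rather than at image pull.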
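Review bot: In the `@@ -187,6 +189,21 @@` hunk of shaker/values.yaml the new `oci_image_registry.auth.shaker` block ships `password: password` as a default, so setting `auth.enabled: true` without overriding it would presumably render the registry Secret from the placeholder instead of failing. I would mark the pair as placeholders with a comment such as `# placeholder credentials: override username/password in a private values file before setting auth.enabled to true`. Real values supplied through Helm values are also kept in the release record, so the comment could point operators at an override file that stays out of version control. `hosts.default: localhost` with `port.registry.default: null` likewise looks like a stand-in that must be replaced with the real registry host; how the helper turns it into the pull-secret key is not visible in this hunk.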