diff --git a/calico/Chart.yaml b/calico/Chart.yaml index 247fbd189..d46808e0e 100644 --- a/calico/Chart.yaml +++ b/calico/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.0 description: OpenStack-Helm Calico name: calico -version: 0.1.4 +version: 0.1.5 home: https://github.com/projectcalico/calico icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67 sources: diff --git a/calico/templates/secret-registry.yaml b/calico/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/calico/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/calico/values.yaml b/calico/values.yaml index c8424e82e..845cf5a24 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -166,6 +166,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + calico: calico-oci-image-registry + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -180,6 +184,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + calico: + username: calico + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null etcd: auth: client: @@ -572,4 +591,5 @@ manifests: job_calico_settings: true service_calico_etcd: true secret_certificates: true + secret_registry: true ... diff --git a/ceph-client/Chart.yaml b/ceph-client/Chart.yaml index a26082f35..5ebc0847c 100644 --- a/ceph-client/Chart.yaml +++ b/ceph-client/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Client name: ceph-client -version: 0.1.36 +version: 0.1.37 home: https://github.com/ceph/ceph-client ... diff --git a/ceph-client/templates/secret-registry.yaml b/ceph-client/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-client/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-client/values.yaml b/ceph-client/values.yaml index 4ad5cf71a..cc81f03de 100644 --- a/ceph-client/values.yaml +++ b/ceph-client/values.yaml @@ -188,6 +188,8 @@ secrets: rgw: ceph-bootstrap-rgw-keyring mgr: ceph-bootstrap-mgr-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-client: ceph-client-oci-image-registry network: public: 192.168.0.0/16 @@ -517,6 +519,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-client: + username: ceph-client + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -564,4 +581,5 @@ manifests: helm_tests: true cronjob_checkPGs: true cronjob_defragosds: true + secret_registry: true ... diff --git a/ceph-mon/Chart.yaml b/ceph-mon/Chart.yaml index a5db488c7..7d6b9c7ac 100644 --- a/ceph-mon/Chart.yaml +++ b/ceph-mon/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Mon name: ceph-mon -version: 0.1.25 +version: 0.1.26 home: https://github.com/ceph/ceph ... diff --git a/ceph-mon/templates/secret-registry.yaml b/ceph-mon/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-mon/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-mon/values.yaml b/ceph-mon/values.yaml index 25543887c..412d4da25 100644 --- a/ceph-mon/values.yaml +++ b/ceph-mon/values.yaml @@ -215,6 +215,8 @@ secrets: osd: ceph-bootstrap-osd-keyring mgr: ceph-bootstrap-mgr-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-mon: ceph-mon-oci-image-registry-key network: public: 192.168.0.0/16 @@ -424,6 +426,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-mon: + username: ceph-mon + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -473,4 +490,5 @@ manifests: service_mgr: true service_mon_discovery: true job_storage_admin_keys: true + secret_registry: true ... diff --git a/ceph-osd/Chart.yaml b/ceph-osd/Chart.yaml index f5bd86bb4..67c969792 100644 --- a/ceph-osd/Chart.yaml +++ b/ceph-osd/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph OSD name: ceph-osd -version: 0.1.41 +version: 0.1.42 home: https://github.com/ceph/ceph ... diff --git a/ceph-osd/templates/secret-registry.yaml b/ceph-osd/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-osd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-osd/values.yaml b/ceph-osd/values.yaml index ad87e2a15..78b63b4c0 100644 --- a/ceph-osd/values.yaml +++ b/ceph-osd/values.yaml @@ -142,6 +142,8 @@ secrets: keyrings: osd: ceph-bootstrap-osd-keyring admin: ceph-client-admin-keyring + oci_image_registry: + ceph-osd: ceph-osh-oci-image-registry-key network: public: 192.168.0.0/16 @@ -373,6 +375,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-osd: + username: ceph-osd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -395,4 +412,5 @@ manifests: job_post_apply: true job_image_repo_sync: true helm_tests: true + secret_registry: true ... diff --git a/ceph-provisioners/Chart.yaml b/ceph-provisioners/Chart.yaml index 636391489..0f841592f 100644 --- a/ceph-provisioners/Chart.yaml +++ b/ceph-provisioners/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Provisioner name: ceph-provisioners -version: 0.1.20 +version: 0.1.21 home: https://github.com/ceph/ceph ... diff --git a/ceph-provisioners/templates/secret-registry.yaml b/ceph-provisioners/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-provisioners/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-provisioners/values.yaml b/ceph-provisioners/values.yaml index ae61ee6cd..39cf3e440 100644 --- a/ceph-provisioners/values.yaml +++ b/ceph-provisioners/values.yaml @@ -277,6 +277,8 @@ secrets: keyrings: admin: ceph-client-admin-keyring prov_adminSecretName: pvc-ceph-conf-combined-storageclass + oci_image_registry: + ceph-provisioners: ceph-provisioners-oci-image-registry-key network: public: 192.168.0.0/16 @@ -431,6 +433,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-provisioners: + username: ceph-provisioners + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ceph_mon: namespace: null hosts: @@ -462,4 +479,5 @@ manifests: job_namespace_client_ceph_config: true storageclass: true helm_tests: true + secret_registry: true ... diff --git a/ceph-rgw/Chart.yaml b/ceph-rgw/Chart.yaml index eb5b30f67..9d795b668 100644 --- a/ceph-rgw/Chart.yaml +++ b/ceph-rgw/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph RadosGW name: ceph-rgw -version: 0.1.22 +version: 0.1.23 home: https://github.com/ceph/ceph ... diff --git a/ceph-rgw/templates/secret-registry.yaml b/ceph-rgw/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ceph-rgw/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml index 6d0e17e57..982131401 100644 --- a/ceph-rgw/values.yaml +++ b/ceph-rgw/values.yaml @@ -259,6 +259,8 @@ secrets: admin: ceph-keystone-admin swift: ceph-keystone-user user_rgw: ceph-keystone-user-rgw + oci_image_registry: + ceph-rgw: ceph-rgw-oci-image-registry-key rgw_s3: admin: radosgw-s3-admin-creds tls: @@ -548,6 +550,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceph-rgw: + username: ceph-rgw + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone namespace: null @@ -682,6 +699,7 @@ manifests: secret_keystone_rgw: true secret_ingress_tls: true secret_keystone: true + secret_registry: true service_ingress_rgw: true service_rgw: true helm_tests: true diff --git a/cert-rotation/Chart.yaml b/cert-rotation/Chart.yaml index 6a5bae7fb..3925bbb9a 100644 --- a/cert-rotation/Chart.yaml +++ b/cert-rotation/Chart.yaml @@ -16,5 +16,5 @@ appVersion: "1.0" description: Rotate the certificates generated by cert-manager home: https://cert-manager.io/ name: cert-rotation -version: 0.1.5 +version: 0.1.6 ... diff --git a/cert-rotation/templates/secret-registry.yaml b/cert-rotation/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/cert-rotation/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/cert-rotation/values.yaml b/cert-rotation/values.yaml index dc9a59208..6b3d2b82f 100644 --- a/cert-rotation/values.yaml +++ b/cert-rotation/values.yaml @@ -54,8 +54,29 @@ pod: dependencies: static: cert_rotate: null +secrets: + oci_image_registry: + cert-rotation: cert-rotation-oci-image-registry-key +endpoints: + cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + cert-rotation: + username: cert-rotation + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true cron_job_cert_rotate: false job_cert_rotate: false + secret_registry: true ... diff --git a/daemonjob-controller/Chart.yaml b/daemonjob-controller/Chart.yaml index d3d2b4f12..c00f48566 100644 --- a/daemonjob-controller/Chart.yaml +++ b/daemonjob-controller/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: A Helm chart for DaemonjobController name: daemonjob-controller -version: 0.1.5 +version: 0.1.6 home: https://opendev.org/openstack ... diff --git a/daemonjob-controller/templates/secret-registry.yaml b/daemonjob-controller/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/daemonjob-controller/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/daemonjob-controller/values.yaml b/daemonjob-controller/values.yaml index 676bb23f2..c32b1a54e 100644 --- a/daemonjob-controller/values.yaml +++ b/daemonjob-controller/values.yaml @@ -67,6 +67,9 @@ pod: controller: runAsUser: 0 readOnlyRootFilesystem: true +secrets: + oci_image_registry: + daemonjob-controller: daemonjob-controller-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -81,6 +84,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + daemonjob-controller: + username: daemonjob-controller + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null daemonjob_controller: hosts: default: daemonjob-controller @@ -112,5 +130,6 @@ manifests: crds_create: true job_image_repo_sync: true configmap_bin: true + secret_registry: true service: true ... diff --git a/elastic-apm-server/Chart.yaml b/elastic-apm-server/Chart.yaml index ea5ef5f1e..6ceffb9c6 100644 --- a/elastic-apm-server/Chart.yaml +++ b/elastic-apm-server/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v6.2.3 description: OpenStack-Helm Elastic APM Server name: elastic-apm-server -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/guide/en/apm/get-started/current/index.html sources: - https://github.com/elastic/apm-server diff --git a/elastic-apm-server/templates/secret-registry.yaml b/elastic-apm-server/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-apm-server/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-apm-server/values.yaml b/elastic-apm-server/values.yaml index 5b6781a44..afb87b4cc 100644 --- a/elastic-apm-server/values.yaml +++ b/elastic-apm-server/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: elastic-apm-server-elasticsearch-user + oci_image_registry: + elastic-apm-server: elastic-apm-server-oci-image-registry dependencies: dynamic: @@ -84,6 +86,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-apm-server: + username: elastic-apm-server + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -163,4 +180,5 @@ manifests: service: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-filebeat/Chart.yaml b/elastic-filebeat/Chart.yaml index c020d289d..9a6705530 100644 --- a/elastic-filebeat/Chart.yaml +++ b/elastic-filebeat/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Filebeat name: elastic-filebeat -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/products/beats/filebeat sources: - https://github.com/elastic/beats/tree/master/filebeat diff --git a/elastic-filebeat/templates/secret-registry.yaml b/elastic-filebeat/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-filebeat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-filebeat/values.yaml b/elastic-filebeat/values.yaml index 91991ec94..79b40ccff 100644 --- a/elastic-filebeat/values.yaml +++ b/elastic-filebeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: filebeat-elasticsearch-user + oci_image_registry: + elastic-filebeat: elastic-filebeat-oci-image-registry-key dependencies: dynamic: @@ -167,6 +169,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-filebeat: + username: elastic-filebeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -264,4 +281,5 @@ manifests: daemonset: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-metricbeat/Chart.yaml b/elastic-metricbeat/Chart.yaml index ef8a4e2ac..5b35a920d 100644 --- a/elastic-metricbeat/Chart.yaml +++ b/elastic-metricbeat/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Metricbeat name: elastic-metricbeat -version: 0.1.4 +version: 0.1.5 home: https://www.elastic.co/products/beats/metricbeat sources: - https://github.com/elastic/beats/tree/master/metricbeat diff --git a/elastic-metricbeat/templates/secret-registry.yaml b/elastic-metricbeat/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-metricbeat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-metricbeat/values.yaml b/elastic-metricbeat/values.yaml index 7797e0305..8447be5cc 100644 --- a/elastic-metricbeat/values.yaml +++ b/elastic-metricbeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: metricbeat-elasticsearch-user + oci_image_registry: + elastic-metricbeat: elastic-metricbeat-oci-image-registry-key dependencies: dynamic: @@ -163,6 +165,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-metricbeat: + username: elastic-metricbeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kube_state_metrics: namespace: null hosts: @@ -263,4 +280,5 @@ manifests: deployment: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elastic-packetbeat/Chart.yaml b/elastic-packetbeat/Chart.yaml index 5df231ee7..92d042646 100644 --- a/elastic-packetbeat/Chart.yaml +++ b/elastic-packetbeat/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Elastic Packetbeat name: elastic-packetbeat -version: 0.1.3 +version: 0.1.4 home: https://www.elastic.co/products/beats/packetbeat sources: - https://github.com/elastic/beats/tree/master/packetbeat diff --git a/elastic-packetbeat/templates/secret-registry.yaml b/elastic-packetbeat/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elastic-packetbeat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elastic-packetbeat/values.yaml b/elastic-packetbeat/values.yaml index 5310141ee..98e152899 100644 --- a/elastic-packetbeat/values.yaml +++ b/elastic-packetbeat/values.yaml @@ -40,6 +40,8 @@ images: secrets: elasticsearch: user: packetbeat-elasticsearch-user + oci_image_registry: + elastic-packetbeat: elastic-packetbeat-oci-image-registry-key dependencies: dynamic: @@ -106,6 +108,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elastic-packetbeat: + username: elastic-packetbeat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -182,4 +199,5 @@ manifests: daemonset: true job_image_repo_sync: true secret_elasticsearch: true + secret_registry: true ... diff --git a/elasticsearch/Chart.yaml b/elasticsearch/Chart.yaml index d7f5363e9..5296914a9 100644 --- a/elasticsearch/Chart.yaml +++ b/elasticsearch/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.6.2 description: OpenStack-Helm ElasticSearch name: elasticsearch -version: 0.2.20 +version: 0.2.21 home: https://www.elastic.co/ sources: - https://github.com/elastic/elasticsearch diff --git a/elasticsearch/templates/secret-registry.yaml b/elasticsearch/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/elasticsearch/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 92ec26cfa..5a9c5de2a 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -422,6 +422,8 @@ secrets: elasticsearch: elasticsearch-s3-user-creds elasticsearch: user: elasticsearch-user-secrets + oci_image_registry: + elasticsearch: elasticsearch-oci-image-registry-key tls: elasticsearch: elasticsearch: @@ -775,6 +777,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + elasticsearch: + username: elasticsearch + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -960,6 +977,7 @@ manifests: service_exporter: true network_policy: false secret_ingress_tls: true + secret_registry: true service_data: true service_discovery: true service_ingress: true diff --git a/etcd/Chart.yaml b/etcd/Chart.yaml index 16768b9af..b819ecaea 100644 --- a/etcd/Chart.yaml +++ b/etcd/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.3 description: OpenStack-Helm etcd name: etcd -version: 0.1.4 +version: 0.1.5 home: https://coreos.com/etcd/ icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png sources: diff --git a/etcd/templates/secret-registry.yaml b/etcd/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/etcd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/etcd/values.yaml b/etcd/values.yaml index e2cef8455..efe8d61d1 100644 --- a/etcd/values.yaml +++ b/etcd/values.yaml @@ -92,6 +92,10 @@ pod: memory: "1024Mi" cpu: "2000m" +secrets: + oci_image_registry: + etcd: etcd-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -106,6 +110,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + etcd: + username: etcd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null etcd: name: etcd hosts: @@ -124,5 +143,6 @@ manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true ... diff --git a/falco/Chart.yaml b/falco/Chart.yaml index 0001c1a7f..d1c37a51c 100644 --- a/falco/Chart.yaml +++ b/falco/Chart.yaml @@ -13,7 +13,7 @@ --- apiVersion: v1 name: falco -version: 0.1.6 +version: 0.1.7 appVersion: 0.11.1 description: Sysdig Falco keywords: diff --git a/falco/templates/secret-registry.yaml b/falco/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/falco/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/falco/values.yaml b/falco/values.yaml index eac87006a..841a622b5 100644 --- a/falco/values.yaml +++ b/falco/values.yaml @@ -23,6 +23,27 @@ images: - dep_check - image_repo_sync +secrets: + oci_image_registry: + falco: falco-oci-image-registry-key + +endpoints: + cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + falco: + username: falco + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null pod: resources: @@ -1361,4 +1382,5 @@ manifests: configmap_etc: true configmap_custom_rules: false configmap_bin: true + secret_registry: true ... diff --git a/flannel/Chart.yaml b/flannel/Chart.yaml index 2d03c734f..520066c6d 100644 --- a/flannel/Chart.yaml +++ b/flannel/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.8.0 description: OpenStack-Helm BootStrap Flannel name: flannel -version: 0.1.3 +version: 0.1.4 home: https://github.com/coreos/flannel icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png sources: diff --git a/flannel/templates/secret-registry.yaml b/flannel/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/flannel/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/flannel/values.yaml b/flannel/values.yaml index e0fdc8107..698b2de6e 100644 --- a/flannel/values.yaml +++ b/flannel/values.yaml @@ -63,6 +63,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + flannel: flannel-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -77,10 +81,26 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + flannel: + username: flannel + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true configmap_kube_flannel_cfg: true daemonset_kube_flannel_ds: true job_image_repo_sync: true + secret_registry: true ... diff --git a/fluentbit/Chart.yaml b/fluentbit/Chart.yaml index 91590fb34..2bbe55b19 100644 --- a/fluentbit/Chart.yaml +++ b/fluentbit/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.14.2 description: OpenStack-Helm Fluentbit name: fluentbit -version: 0.1.3 +version: 0.1.4 home: https://www.fluentbit.io/ sources: - https://github.com/fluent/fluentbit diff --git a/fluentbit/templates/secret-registry.yaml b/fluentbit/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/fluentbit/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/fluentbit/values.yaml b/fluentbit/values.yaml index 51462b415..c6688b3ac 100644 --- a/fluentbit/values.yaml +++ b/fluentbit/values.yaml @@ -173,6 +173,10 @@ conf: Time_Keep true Time_Key time +secrets: + oci_image_registry: + fluentbit: fluentbit-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -187,6 +191,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + fluentbit: + username: fluentbit + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null fluentd: namespace: null name: fluentd @@ -254,4 +273,5 @@ manifests: configmap_etc: true daemonset_fluentbit: true job_image_repo_sync: true + secret_registry: true ... diff --git a/fluentd/Chart.yaml b/fluentd/Chart.yaml index ab174e63c..c37facb68 100644 --- a/fluentd/Chart.yaml +++ b/fluentd/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.10.1 description: OpenStack-Helm Fluentd name: fluentd -version: 0.1.7 +version: 0.1.8 home: https://www.fluentd.org/ sources: - https://github.com/fluent/fluentd diff --git a/fluentd/templates/secret-registry.yaml b/fluentd/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/fluentd/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/fluentd/values.yaml b/fluentd/values.yaml index 0e8df63cc..93f557ad7 100644 --- a/fluentd/values.yaml +++ b/fluentd/values.yaml @@ -99,6 +99,11 @@ conf: user "#{ENV['ELASTICSEARCH_USERNAME']}" + +secrets: + oci_image_registry: + fluentd: fluentd-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -113,6 +118,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + fluentd: + username: fluentd + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: namespace: null name: elasticsearch @@ -255,5 +275,6 @@ manifests: secret_elasticsearch: true secret_fluentd_env: true secret_kafka: false + secret_registry: true service_fluentd: true ... diff --git a/grafana/Chart.yaml b/grafana/Chart.yaml index c77b51ac4..d60180fca 100644 --- a/grafana/Chart.yaml +++ b/grafana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.4.5 description: OpenStack-Helm Grafana name: grafana -version: 0.1.14 +version: 0.1.15 home: https://grafana.com/ sources: - https://github.com/grafana/grafana diff --git a/grafana/templates/secret-registry.yaml b/grafana/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/grafana/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/grafana/values.yaml b/grafana/values.yaml index 93f738f10..1093cae21 100644 --- a/grafana/values.yaml +++ b/grafana/values.yaml @@ -196,6 +196,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + grafana: + username: grafana + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_db: namespace: null auth: @@ -370,6 +385,8 @@ network_policy: - {} secrets: + oci_image_registry: + grafana: grafana-oci-image-registry-key oslo_db: admin: grafana-db-admin user: grafana-db-user @@ -403,6 +420,7 @@ manifests: secret_admin_creds: true secret_ingress_tls: true secret_prom_creds: true + secret_registry: true service: true service_ingress: true diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml index 3c36b200c..17df30831 100644 --- a/helm-toolkit/Chart.yaml +++ b/helm-toolkit/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Helm-Toolkit name: helm-toolkit -version: 0.2.43 +version: 0.2.44 home: https://docs.openstack.org/openstack-helm icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png sources: diff --git a/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl new file mode 100644 index 000000000..4854bb1ec --- /dev/null +++ b/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -0,0 +1,93 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Creates a manifest for a authenticating a registry with a secret +examples: + - values: | + secrets: + oci_image_registry: + {{ $serviceName }}: {{ $keyName }} + endpoints: + oci_image_registry: + name: oci-image-registry + auth: + enabled: true + {{ $serviceName }}: + name: {{ $userName }} + password: {{ $password }} + usage: | + {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} + return: | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $secretName }} + type: kubernetes.io/dockerconfigjson + data: + dockerconfigjson: {{ $dockerAuth }} + + - values: | + secrets: + oci_image_registry: + {{ $serviceName }}: {{ $keyName }} + endpoints: + oci_image_registry: + name: oci-image-registry + auth: + enabled: true + {{ $serviceName }}: + name: {{ $userName }} + password: {{ $password }} + usage: | + {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} + return: | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $secretName }} + type: kubernetes.io/dockerconfigjson + data: + dockerconfigjson: {{ $dockerAuth }} +*/}} + +{{- define "helm-toolkit.manifests.secret_registry" }} +{{- $envAll := index . "envAll" }} +{{- $registryUser := index . "registryUser" }} +{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser }} +{{- $registryHost := tuple "oci_image_registry" "internal" $envAll | include "helm-toolkit.endpoints.endpoint_host_lookup" }} +{{/* +We only use "host:port" when port is non-null, else just use "host" +*/}} +{{- $registryPort := "" }} +{{- $port := $envAll.Values.endpoints.oci_image_registry.port.registry.default }} +{{- if $port }} +{{- $port = tuple "oci_image_registry" "internal" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $registryPort = printf ":%s" $port }} +{{- end }} +{{- $imageCredentials := index $envAll.Values.endpoints.oci_image_registry.auth $registryUser }} +{{- $dockerAuthToken := printf "%s:%s" $imageCredentials.username $imageCredentials.password | b64enc }} +{{- $dockerAuth := printf "{\"auths\": {\"%s%s\": {\"auth\": \"%s\"}}}" $registryHost $registryPort $dockerAuthToken | b64enc }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ $dockerAuth }} +{{- end -}} diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl index 4cc898ddd..bc2045e5f 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl @@ -42,6 +42,12 @@ kind: ServiceAccount metadata: name: {{ $saName }} namespace: {{ $saNamespace }} +{{- if $envAll.Values.manifests.secret_registry }} +{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }} +imagePullSecrets: + - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }} +{{- end -}} +{{- end -}} {{- range $k, $v := $deps -}} {{- if eq $k "services" }} {{- range $serv := $v }} diff --git a/ingress/Chart.yaml b/ingress/Chart.yaml index 12c519a68..19a93a4a8 100644 --- a/ingress/Chart.yaml +++ b/ingress/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.42.0 description: OpenStack-Helm Ingress Controller name: ingress -version: 0.2.8 +version: 0.2.9 home: https://github.com/kubernetes/ingress sources: - https://github.com/kubernetes/ingress diff --git a/ingress/templates/secret-registry.yaml b/ingress/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ingress/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index e42d87833..519536ac7 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -204,6 +204,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ingress: + username: ingress + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ingress: hosts: default: ingress @@ -270,6 +285,8 @@ network_policy: - {} secrets: + oci_image_registry: + ingress: ingress-oci-image-registry-key tls: ingress: api: @@ -333,4 +350,5 @@ manifests: prometheus: service_exporter: true network_policy: false + secret_registry: true ... diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml index d2ef4f1e6..d71d8197c 100644 --- a/kibana/Chart.yaml +++ b/kibana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Kibana name: kibana -version: 0.1.10 +version: 0.1.11 home: https://www.elastic.co/products/kibana sources: - https://github.com/elastic/kibana diff --git a/kibana/templates/secret-registry.yaml b/kibana/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kibana/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index ac3d07c14..58c0b7936 100644 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -140,6 +140,8 @@ network_policy: secrets: elasticsearch: user: kibana-elasticsearch-user + oci_image_registry: + kibana: kibana-oci-image-registry-key tls: kibana: kibana: @@ -330,6 +332,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kibana: + username: kibana + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null elasticsearch: name: elasticsearch namespace: null @@ -421,6 +438,7 @@ manifests: network_policy: false secret_elasticsearch: true secret_ingress_tls: true + secret_registry: true service: true service_ingress: true job_register_kibana_indexes: true diff --git a/kube-dns/Chart.yaml b/kube-dns/Chart.yaml index b6e6f6472..d38d877b4 100644 --- a/kube-dns/Chart.yaml +++ b/kube-dns/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.14.5 description: OpenStack-Helm Kube-DNS name: kube-dns -version: 0.1.4 +version: 0.1.5 home: https://github.com/coreos/flannel icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png sources: diff --git a/kube-dns/templates/secret-registry.yaml b/kube-dns/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kube-dns/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kube-dns/templates/serviceaccount-kube-dns.yaml b/kube-dns/templates/serviceaccount-kube-dns.yaml index c4cdf505c..6c10146aa 100644 --- a/kube-dns/templates/serviceaccount-kube-dns.yaml +++ b/kube-dns/templates/serviceaccount-kube-dns.yaml @@ -22,4 +22,10 @@ metadata: labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile +{{- if $envAll.Values.manifests.secret_registry }} +{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }} +imagePullSecrets: + - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }} +{{- end -}} +{{- end -}} {{- end }} diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index a90ad936e..5608ef1e1 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml @@ -66,6 +66,10 @@ dependencies: kube_dns: services: null +secrets: + oci_image_registry: + kube-dns: kube-dns-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -80,12 +84,28 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kube-dns: + username: kube-dns + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true configmap_kube_dns: true deployment_kube_dns: true job_image_repo_sync: true + secret_registry: true service_kube_dns: true serviceaccount_kube_dns: true ... diff --git a/kubernetes-keystone-webhook/Chart.yaml b/kubernetes-keystone-webhook/Chart.yaml index 0131bf7ae..eb5d7a81b 100644 --- a/kubernetes-keystone-webhook/Chart.yaml +++ b/kubernetes-keystone-webhook/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.2.0 description: OpenStack-Helm Kubernetes keystone webhook name: kubernetes-keystone-webhook -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/cloud-provider-openstack sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/kubernetes-keystone-webhook/templates/secret-registry.yaml b/kubernetes-keystone-webhook/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kubernetes-keystone-webhook/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kubernetes-keystone-webhook/values.yaml b/kubernetes-keystone-webhook/values.yaml index dad4e929b..a1374caf6 100644 --- a/kubernetes-keystone-webhook/values.yaml +++ b/kubernetes-keystone-webhook/values.yaml @@ -478,9 +478,26 @@ secrets: admin: kubernetes-keystone-webhook-admin certificates: api: kubernetes-keystone-webhook-certs + oci_image_registry: + kubernetes-keystone-webhook: kubernetes-keystone-webhook-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kubernetes-keystone-webhook: + username: kubernetes-keystone-webhook + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kubernetes: auth: api: @@ -552,6 +569,7 @@ manifests: pod_test: true secret_certificates: true secret_keystone: true + secret_registry: true service_ingress_api: true service: true ... diff --git a/kubernetes-node-problem-detector/Chart.yaml b/kubernetes-node-problem-detector/Chart.yaml index b1d3f5b61..c9b1b6f8f 100644 --- a/kubernetes-node-problem-detector/Chart.yaml +++ b/kubernetes-node-problem-detector/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Kubernetes Node Problem Detector name: kubernetes-node-problem-detector -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/node-problem-detector sources: - https://github.com/kubernetes/node-problem-detector diff --git a/kubernetes-node-problem-detector/templates/secret-registry.yaml b/kubernetes-node-problem-detector/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/kubernetes-node-problem-detector/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/kubernetes-node-problem-detector/values.yaml b/kubernetes-node-problem-detector/values.yaml index 516ca1cc4..5c3c61770 100644 --- a/kubernetes-node-problem-detector/values.yaml +++ b/kubernetes-node-problem-detector/values.yaml @@ -35,6 +35,10 @@ labels: node_selector_key: openstack-control-plane node_selector_value: enabled +secrets: + oci_image_registry: + kubernetes-node-problem-detector: kubernetes-node-problem-detector-oci-image-registry-key + pod: security_context: node_problem_detector: @@ -135,6 +139,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + kubernetes-node-problem-detector: + username: kubernetes-node-problem-detector + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null node_problem_detector: name: node-problem-detector namespace: null @@ -153,6 +172,7 @@ manifests: configmap_etc: true daemonset: true job_image_repo_sync: true + secret_registry: true service: false conf: diff --git a/ldap/Chart.yaml b/ldap/Chart.yaml index 5fffb7ccd..70d2073ec 100644 --- a/ldap/Chart.yaml +++ b/ldap/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.2.0 description: OpenStack-Helm LDAP name: ldap -version: 0.1.3 +version: 0.1.4 home: https://www.openldap.org/ maintainers: - name: OpenStack-Helm Authors diff --git a/ldap/templates/secret-registry.yaml b/ldap/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/ldap/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ldap/values.yaml b/ldap/values.yaml index 45b7a609b..3e3544b2d 100644 --- a/ldap/values.yaml +++ b/ldap/values.yaml @@ -137,6 +137,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ldap: + username: ldap + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null ldap: hosts: default: ldap @@ -230,6 +245,8 @@ secrets: identity: admin: admin ldap: ldap + oci_image_registry: + ldap: ldap-oci-image-registry-key openldap: domain: cluster.local @@ -241,6 +258,7 @@ manifests: job_bootstrap: true job_image_repo_sync: true network_policy: false + secret_registry: true statefulset: true service: true ... diff --git a/libvirt/Chart.yaml b/libvirt/Chart.yaml index 462c56afb..d17726e69 100644 --- a/libvirt/Chart.yaml +++ b/libvirt/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm libvirt name: libvirt -version: 0.1.12 +version: 0.1.13 home: https://libvirt.org sources: - https://libvirt.org/git/?p=libvirt.git;a=summary diff --git a/libvirt/templates/secret-registry.yaml b/libvirt/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/libvirt/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/libvirt/values.yaml b/libvirt/values.yaml index 53ea05a0b..1264fd614 100644 --- a/libvirt/values.yaml +++ b/libvirt/values.yaml @@ -58,6 +58,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + libvirt: + username: libvirt + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null libvirt_exporter: port: metrics: @@ -237,8 +252,11 @@ manifests: daemonset_libvirt: true job_image_repo_sync: true network_policy: false + secret_registry: true secrets: + oci_image_registry: + libvirt: libvirt-oci-image-registry-key tls: server: libvirt-tls-server client: libvirt-tls-client diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml index de965d53c..5e1f6e362 100644 --- a/mariadb/Chart.yaml +++ b/mariadb/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v10.2.31 description: OpenStack-Helm MariaDB name: mariadb -version: 0.2.25 +version: 0.2.26 home: https://mariadb.com/kb/en/ icon: http://badges.mariadb.org/mariadb-badge-180x60.png sources: diff --git a/mariadb/templates/secret-registry.yaml b/mariadb/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/mariadb/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/mariadb/values.yaml b/mariadb/values.yaml index 6664b1d32..b2393eb3d 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -496,6 +496,8 @@ secrets: mariadb: mariadb-backup-user mariadb: backup_restore: mariadb-backup-restore + oci_image_registry: + mariadb: mariadb-oci-image-registry-key tls: oslo_db: server: @@ -519,6 +521,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + mariadb: + username: mariadb + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -677,6 +694,7 @@ manifests: secret_dbaudit_password: true secret_backup_restore: false secret_etc: true + secret_registry: true service_discovery: true service_ingress: true service_error: true diff --git a/memcached/Chart.yaml b/memcached/Chart.yaml index c2cdd32dc..7c7d652d7 100644 --- a/memcached/Chart.yaml +++ b/memcached/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.5.5 description: OpenStack-Helm Memcached name: memcached -version: 0.1.11 +version: 0.1.12 home: https://github.com/memcached/memcached ... diff --git a/memcached/templates/secret-registry.yaml b/memcached/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/memcached/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/memcached/values.yaml b/memcached/values.yaml index f03a69014..b9e633938 100644 --- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -42,6 +42,10 @@ dependencies: - endpoint: internal service: local_image_registry +secrets: + oci_image_registry: + memcached: memcached-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -56,6 +60,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + memcached: + username: memcached + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_cache: namespace: null host_fqdn_override: @@ -121,6 +140,7 @@ manifests: job_image_repo_sync: true network_policy: false service: true + secret_registry: true pod: security_context: diff --git a/metacontroller/Chart.yaml b/metacontroller/Chart.yaml index 26456fc82..d44f9b942 100644 --- a/metacontroller/Chart.yaml +++ b/metacontroller/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.4.2 description: A Helm chart for Metacontroller name: metacontroller -version: 0.1.5 +version: 0.1.6 home: https://metacontroller.app/ keywords: - CRDs diff --git a/metacontroller/templates/secret-registry.yaml b/metacontroller/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/metacontroller/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/metacontroller/values.yaml b/metacontroller/values.yaml index 4a6210a40..4fdc35a79 100644 --- a/metacontroller/values.yaml +++ b/metacontroller/values.yaml @@ -81,6 +81,10 @@ pod: readOnlyRootFilesystem: true allowPrivilegeEscalation: false +secrets: + oci_image_registry: + metacontroller: metacontroller-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -95,6 +99,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + metacontroller: + username: metacontroller + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null metacontroller: hosts: default: metacontroller @@ -105,6 +124,7 @@ endpoints: default: 8083 manifests: + secret_registry: true service: true statefulset: true job_image_repo_sync: true diff --git a/mongodb/Chart.yaml b/mongodb/Chart.yaml index 348eae41a..d7fe37525 100644 --- a/mongodb/Chart.yaml +++ b/mongodb/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.4.9 description: OpenStack-Helm MongoDB name: mongodb -version: 0.1.3 +version: 0.1.4 home: https://www.mongodb.com sources: - https://github.com/mongodb/mongo diff --git a/mongodb/templates/secret-registry.yaml b/mongodb/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/mongodb/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/mongodb/values.yaml b/mongodb/values.yaml index 596512345..90167a0d8 100644 --- a/mongodb/values.yaml +++ b/mongodb/values.yaml @@ -74,6 +74,10 @@ labels: node_selector_key: openstack-control-plane node_selector_value: enabled +secrets: + oci_image_registry: + mongodb: mongodb-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -88,6 +92,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + mongodb: + username: mongodb + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null mongodb: auth: admin: @@ -124,6 +143,7 @@ manifests: configmap_bin: true job_image_repo_sync: true secret_db_root_creds: true + secret_registry: true service: true statefulset: true ... diff --git a/nagios/Chart.yaml b/nagios/Chart.yaml index 29bbea242..e45335cec 100644 --- a/nagios/Chart.yaml +++ b/nagios/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nagios name: nagios -version: 0.1.5 +version: 0.1.6 home: https://www.nagios.org sources: - https://opendev.org/openstack/openstack-helm-addons diff --git a/nagios/templates/secret-registry.yaml b/nagios/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/nagios/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/nagios/values.yaml b/nagios/values.yaml index 11632938e..6c66e12bc 100644 --- a/nagios/values.yaml +++ b/nagios/values.yaml @@ -63,6 +63,8 @@ dependencies: secrets: nagios: admin: nagios-admin-creds + oci_image_registry: + nagios: nagios-oci-image-registry-key tls: nagios: nagios: @@ -82,6 +84,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + nagios: + username: nagios + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus auth: @@ -295,6 +312,7 @@ manifests: pod_helm_test: true secret_nagios: true secret_ingress_tls: true + secret_registry: true service: true service_ingress: true diff --git a/nfs-provisioner/Chart.yaml b/nfs-provisioner/Chart.yaml index c848add71..0a309408b 100644 --- a/nfs-provisioner/Chart.yaml +++ b/nfs-provisioner/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.2.1 description: OpenStack-Helm NFS name: nfs-provisioner -version: 0.1.3 +version: 0.1.4 home: https://github.com/kubernetes-incubator/external-storage sources: - https://github.com/kubernetes-incubator/external-storage diff --git a/nfs-provisioner/templates/secret-registry.yaml b/nfs-provisioner/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/nfs-provisioner/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/nfs-provisioner/values.yaml b/nfs-provisioner/values.yaml index ad3e7538b..4d929e6e1 100644 --- a/nfs-provisioner/values.yaml +++ b/nfs-provisioner/values.yaml @@ -102,6 +102,10 @@ dependencies: nfs: services: null +secrets: + oci_image_registry: + nfs-provisioner: nfs-provisioner-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -116,6 +120,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + nfs-provisioner: + username: nfs-provisioner + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null nfs: hosts: default: nfs-provisioner @@ -131,6 +150,7 @@ manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true storage_class: true volume_claim: true diff --git a/openvswitch/Chart.yaml b/openvswitch/Chart.yaml index 653c49ca0..10f3fe016 100644 --- a/openvswitch/Chart.yaml +++ b/openvswitch/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm OpenVSwitch name: openvswitch -version: 0.1.7 +version: 0.1.8 home: http://openvswitch.org icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/openvswitch/templates/secret-registry.yaml b/openvswitch/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/openvswitch/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml index c953a8990..5cbb30d43 100644 --- a/openvswitch/values.yaml +++ b/openvswitch/values.yaml @@ -148,6 +148,10 @@ pod: nova: uid: 42424 +secrets: + oci_image_registry: + openvswitch: openvswitch-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -162,6 +166,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + openvswitch: + username: openvswitch + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null network_policy: openvswitch: @@ -198,6 +217,7 @@ manifests: daemonset_ovs_vswitchd: true job_image_repo_sync: true network_policy: false + secret_registry: true conf: openvswitch_db_server: diff --git a/postgresql/Chart.yaml b/postgresql/Chart.yaml index b71bd310d..206ce9641 100644 --- a/postgresql/Chart.yaml +++ b/postgresql/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v9.6 description: OpenStack-Helm PostgreSQL name: postgresql -version: 0.1.15 +version: 0.1.16 home: https://www.postgresql.org sources: - https://github.com/postgres/postgres diff --git a/postgresql/templates/secret-registry.yaml b/postgresql/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/postgresql/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/postgresql/values.yaml b/postgresql/values.yaml index 2e6d4bda6..1df9275ca 100644 --- a/postgresql/values.yaml +++ b/postgresql/values.yaml @@ -340,6 +340,8 @@ conf: description: "Time at which postmaster started" secrets: + oci_image_registry: + postgresql: postgresql-oci-image-registry-key postgresql: admin: postgresql-admin exporter: postgresql-exporter @@ -366,6 +368,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + postresql: + username: postresql + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null postgresql: auth: admin: @@ -459,6 +476,7 @@ manifests: secret_etc: true secret_audit: true secret_backup_restore: false + secret_registry: true service: true statefulset: true cron_job_postgresql_backup: false diff --git a/powerdns/Chart.yaml b/powerdns/Chart.yaml index 2d3d02b21..16e908c2b 100644 --- a/powerdns/Chart.yaml +++ b/powerdns/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v4.1.10 description: OpenStack-Helm PowerDNS name: powerdns -version: 0.1.5 +version: 0.1.6 home: https://www.powerdns.com/ maintainers: - name: OpenStack-Helm Authors diff --git a/powerdns/templates/secret-registry.yaml b/powerdns/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/powerdns/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/powerdns/values.yaml b/powerdns/values.yaml index 1961c6c78..91a4cde70 100644 --- a/powerdns/values.yaml +++ b/powerdns/values.yaml @@ -135,6 +135,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + powerdns: + username: powerdns + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null powerdns: auth: service: @@ -170,6 +185,8 @@ endpoints: default: 3306 secrets: + oci_image_registry: + powerdns: powerdns-oci-image-registry-key oslo_db: admin: powerdns-db-admin powerdns: powerdns-db-user @@ -199,6 +216,7 @@ manifests: job_db_init: true job_db_sync: true secret_db: true + secret_registry: true service_dns: true service_api: false ... diff --git a/prometheus-alertmanager/Chart.yaml b/prometheus-alertmanager/Chart.yaml index 162cd8286..c197e4752 100644 --- a/prometheus-alertmanager/Chart.yaml +++ b/prometheus-alertmanager/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.20.0 description: OpenStack-Helm Alertmanager for Prometheus name: prometheus-alertmanager -version: 0.1.8 +version: 0.1.9 home: https://prometheus.io/docs/alerting/alertmanager/ sources: - https://github.com/prometheus/alertmanager diff --git a/prometheus-alertmanager/templates/secret-registry.yaml b/prometheus-alertmanager/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-alertmanager/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-alertmanager/values.yaml b/prometheus-alertmanager/values.yaml index 1a005e340..045042257 100644 --- a/prometheus-alertmanager/values.yaml +++ b/prometheus-alertmanager/values.yaml @@ -114,6 +114,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-alertmanager: + username: prometheus-alertmanager + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null alertmanager: name: prometheus-alertmanager namespace: null @@ -194,6 +209,8 @@ network: port: 30903 secrets: + oci_image_registry: + prometheus-alertmanager: prometheus-alertmanager-oci-image-registry-key tls: alertmanager: alertmanager: @@ -217,6 +234,7 @@ manifests: network_policy: false secret_admin_user: true secret_ingress_tls: true + secret_registry: true service: true service_discovery: true service_ingress: true diff --git a/prometheus-blackbox-exporter/Chart.yaml b/prometheus-blackbox-exporter/Chart.yaml index 5acdd512c..afd7f7c53 100644 --- a/prometheus-blackbox-exporter/Chart.yaml +++ b/prometheus-blackbox-exporter/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v0.16.0 description: OpenStack-Helm blackbox exporter for Prometheus name: prometheus-blackbox-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/prometheus/blackbox_exporter sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/prometheus-blackbox-exporter/templates/secret-registry.yaml b/prometheus-blackbox-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-blackbox-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-blackbox-exporter/values.yaml b/prometheus-blackbox-exporter/values.yaml index 627aa4c10..80eb75dd2 100644 --- a/prometheus-blackbox-exporter/values.yaml +++ b/prometheus-blackbox-exporter/values.yaml @@ -30,8 +30,27 @@ service: annotations: {} port: 9115 +secrets: + oci_image_registry: + prometheus-blackbox-exporter: prometheus-blackbox-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-blackbox-exporter: + username: prometheus-blackbox-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null prometheus_blackbox_exporter: namespace: null hosts: @@ -118,4 +137,7 @@ config: valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] no_follow_redirects: false preferred_ip_protocol: "ip4" + +manifests: + secret_registry: true ... diff --git a/prometheus-kube-state-metrics/Chart.yaml b/prometheus-kube-state-metrics/Chart.yaml index f5c035392..f61ec5e20 100644 --- a/prometheus-kube-state-metrics/Chart.yaml +++ b/prometheus-kube-state-metrics/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.3.1 description: OpenStack-Helm Kube-State-Metrics for Prometheus name: prometheus-kube-state-metrics -version: 0.1.6 +version: 0.1.7 home: https://github.com/kubernetes/kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics diff --git a/prometheus-kube-state-metrics/templates/secret-registry.yaml b/prometheus-kube-state-metrics/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-kube-state-metrics/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-kube-state-metrics/values.yaml b/prometheus-kube-state-metrics/values.yaml index 283062f64..1e7d437e2 100644 --- a/prometheus-kube-state-metrics/values.yaml +++ b/prometheus-kube-state-metrics/values.yaml @@ -113,6 +113,10 @@ dependencies: kube_state_metrics: services: null +secrets: + oci_image_registry: + prometheus-kube-state-metrics: prometheus-kube-state-metrics-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -127,6 +131,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-kube-state-metrics: + username: prometheus-kube-state-metrics + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null kube_state_metrics: namespace: null hosts: @@ -179,6 +198,7 @@ manifests: deployment: true job_image_repo_sync: true network_policy: false + secret_registry: true service_kube_state_metrics: true service_controller_manager: true service_scheduler: true diff --git a/prometheus-node-exporter/Chart.yaml b/prometheus-node-exporter/Chart.yaml index fee63ead2..d6ffa6ecb 100644 --- a/prometheus-node-exporter/Chart.yaml +++ b/prometheus-node-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.18.1 description: OpenStack-Helm Node Exporter for Prometheus name: prometheus-node-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/prometheus/node_exporter sources: - https://github.com/prometheus/node_exporter diff --git a/prometheus-node-exporter/templates/secret-registry.yaml b/prometheus-node-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-node-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-node-exporter/values.yaml b/prometheus-node-exporter/values.yaml index b4fe17b1f..f1c45d6d2 100644 --- a/prometheus-node-exporter/values.yaml +++ b/prometheus-node-exporter/values.yaml @@ -113,6 +113,10 @@ monitoring: node_exporter: scrape: true +secrets: + oci_image_registry: + prometheus-node-exporter: prometheus-node-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -127,6 +131,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-node-exporter: + username: prometheus-node-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null node_metrics: namespace: null hosts: @@ -145,6 +164,7 @@ manifests: configmap_bin: true daemonset: true job_image_repo_sync: true + secret_registry: true service: true conf: diff --git a/prometheus-openstack-exporter/Chart.yaml b/prometheus-openstack-exporter/Chart.yaml index 8efd749af..384ec1a6a 100644 --- a/prometheus-openstack-exporter/Chart.yaml +++ b/prometheus-openstack-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack Metrics Exporter for Prometheus name: prometheus-openstack-exporter -version: 0.1.6 +version: 0.1.7 home: https://github.com/openstack/openstack-helm-infra sources: - https://opendev.org/openstack/openstack-helm-infra diff --git a/prometheus-openstack-exporter/templates/secret-registry.yaml b/prometheus-openstack-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-openstack-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index bcb97421a..c5316a562 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -134,6 +134,8 @@ secrets: identity: admin: prometheus-openstack-exporter-keystone-admin user: prometheus-openstack-exporter-keystone-user + oci_image_registry: + prometheus-openstack-exporter: prometheus-openstack-exporter-oci-image-registry-key tls: identity: api: @@ -157,6 +159,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-openstack-exporter: + username: prometheus-openstack-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null prometheus_openstack_exporter: namespace: null hosts: @@ -227,5 +244,6 @@ manifests: job_ks_user: true network_policy: false secret_keystone: true + secret_registry: true service: true ... diff --git a/prometheus-process-exporter/Chart.yaml b/prometheus-process-exporter/Chart.yaml index 1c1b43ebd..8b1c76f81 100644 --- a/prometheus-process-exporter/Chart.yaml +++ b/prometheus-process-exporter/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v0.2.11 description: OpenStack-Helm Process Exporter for Prometheus name: prometheus-process-exporter -version: 0.1.4 +version: 0.1.5 home: https://github.com/openstack/openstack-helm-infra sources: - https://github.com/ncabatoff/process-exporter diff --git a/prometheus-process-exporter/templates/secret-registry.yaml b/prometheus-process-exporter/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus-process-exporter/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus-process-exporter/values.yaml b/prometheus-process-exporter/values.yaml index a5837c529..5cb99be03 100644 --- a/prometheus-process-exporter/values.yaml +++ b/prometheus-process-exporter/values.yaml @@ -115,6 +115,10 @@ monitoring: process_exporter: scrape: true +secrets: + oci_image_registry: + prometheus-process-exporter: prometheus-process-exporter-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -129,6 +133,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus-process-exporter: + username: prometheus-process-exporter + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null process_exporter_metrics: namespace: null hosts: @@ -154,6 +173,7 @@ manifests: configmap_bin: true daemonset: true job_image_repo_sync: true + secret_registry: true service: true conf: diff --git a/prometheus/Chart.yaml b/prometheus/Chart.yaml index d7f49ad8e..3413aeee7 100644 --- a/prometheus/Chart.yaml +++ b/prometheus/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.25.0 description: OpenStack-Helm Prometheus name: prometheus -version: 0.1.12 +version: 0.1.13 home: https://prometheus.io/ sources: - https://github.com/prometheus/prometheus diff --git a/prometheus/templates/secret-registry.yaml b/prometheus/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/prometheus/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/prometheus/values.yaml b/prometheus/values.yaml index 142e75884..5872f1739 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -137,6 +137,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + prometheus: + username: prometheus + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -257,6 +272,8 @@ network_policy: - {} secrets: + oci_image_registry: + prometheus: prometheus-oci-image-registry-key tls: monitoring: prometheus: @@ -302,6 +319,7 @@ manifests: network_policy: true secret_ingress_tls: true secret_prometheus: true + secret_registry: true service_ingress: true service: true statefulset_prometheus: true diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml index b6b99f135..1af35a358 100644 --- a/rabbitmq/Chart.yaml +++ b/rabbitmq/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v3.9.0 description: OpenStack-Helm RabbitMQ name: rabbitmq -version: 0.1.23 +version: 0.1.24 home: https://github.com/rabbitmq/rabbitmq-server ... diff --git a/rabbitmq/templates/secret-registry.yaml b/rabbitmq/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/rabbitmq/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 569b2834e..23b1266f1 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml @@ -269,6 +269,8 @@ network: nginx.ingress.kubernetes.io/rewrite-target: / secrets: + oci_image_registry: + rabbitmq: rabbitmq-oci-image-registry-key tls: oslo_messaging: server: @@ -291,6 +293,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + rabbitmq: + username: rabbitmq + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null monitoring: name: prometheus namespace: null @@ -406,6 +423,7 @@ manifests: pod_test: true secret_admin_user: true secret_erlang_cookie: true + secret_registry: true service_discovery: true service_ingress_management: true service: true diff --git a/redis/Chart.yaml b/redis/Chart.yaml index 589e52ab4..8f13833a6 100644 --- a/redis/Chart.yaml +++ b/redis/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v4.0.1 description: OpenStack-Helm Redis name: redis -version: 0.1.3 +version: 0.1.4 home: https://github.com/redis/redis ... diff --git a/redis/templates/secret-registry.yaml b/redis/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/redis/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/redis/values.yaml b/redis/values.yaml index 648a67014..03b13b04c 100644 --- a/redis/values.yaml +++ b/redis/values.yaml @@ -104,6 +104,10 @@ dependencies: redis: services: null +secrets: + oci_image_registry: + redis: redis-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -118,11 +122,27 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + redis: + username: redis + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null manifests: configmap_bin: true deployment: true job_image_repo_sync: true + secret_registry: true service: true helm_tests: true ... diff --git a/registry/Chart.yaml b/registry/Chart.yaml index ed6d87998..d94c2b20e 100644 --- a/registry/Chart.yaml +++ b/registry/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v2.0.0 description: OpenStack-Helm Docker Registry name: registry -version: 0.1.5 +version: 0.1.6 home: https://github.com/kubernetes/ingress sources: - https://opendev.org/openstack/openstack-helm diff --git a/registry/templates/secret-registry.yaml b/registry/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/registry/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/registry/values.yaml b/registry/values.yaml index 4dfd7380c..c2f23244d 100644 --- a/registry/values.yaml +++ b/registry/values.yaml @@ -163,6 +163,10 @@ dependencies: - endpoint: internal service: docker_registry +secrets: + oci_image_registry: + registry: registry-oci-image-registry-key + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -177,6 +181,21 @@ endpoints: port: registry: default: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + registry: + username: registry + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null docker_registry: name: docker-registry namespace: docker-registry @@ -207,5 +226,6 @@ manifests: job_bootstrap: true job_image_repo_sync: true pvc_images: true + secret_registry: true service_registry: true ... diff --git a/releasenotes/notes/calico.yaml b/releasenotes/notes/calico.yaml index f27ff2c32..de4bcda5e 100644 --- a/releasenotes/notes/calico.yaml +++ b/releasenotes/notes/calico.yaml @@ -5,4 +5,5 @@ calico: - 0.1.2 Use full image ref for docker official images - 0.1.3 Helm 3 - Fix Job labels - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-client.yaml b/releasenotes/notes/ceph-client.yaml index 14cea7144..a504d8cc3 100644 --- a/releasenotes/notes/ceph-client.yaml +++ b/releasenotes/notes/ceph-client.yaml @@ -37,4 +37,5 @@ ceph-client: - 0.1.34 Migrated CronJob resource to batch/v1 API version - 0.1.35 Handle multiple mon versions in the pool job - 0.1.36 Add the ability to run Ceph commands from values + - 0.1.37 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-mon.yaml b/releasenotes/notes/ceph-mon.yaml index 1a3668960..124d5c7c1 100644 --- a/releasenotes/notes/ceph-mon.yaml +++ b/releasenotes/notes/ceph-mon.yaml @@ -26,4 +26,5 @@ ceph-mon: - 0.1.23 Release-specific ceph-template configmap name - 0.1.24 Prevents mgr SA from repeated creation - 0.1.25 Allow for unconditional mon restart + - 0.1.26 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-osd.yaml b/releasenotes/notes/ceph-osd.yaml index 913a16d4f..040531f48 100644 --- a/releasenotes/notes/ceph-osd.yaml +++ b/releasenotes/notes/ceph-osd.yaml @@ -42,4 +42,5 @@ ceph-osd: - 0.1.39 Allow for unconditional OSD restart - 0.1.40 Remove udev interactions from osd-init - 0.1.41 Remove ceph-mon dependency in ceph-osd liveness probe + - 0.1.42 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-provisioners.yaml b/releasenotes/notes/ceph-provisioners.yaml index fec0417c3..5ce296dbd 100644 --- a/releasenotes/notes/ceph-provisioners.yaml +++ b/releasenotes/notes/ceph-provisioners.yaml @@ -20,4 +20,5 @@ ceph-provisioners: - 0.1.18 Update CSI images & fix ceph csi provisioner RBAC - 0.1.19 Add pods watch and list permissions to cluster role - 0.1.20 Add missing CRDs for volume snapshots (classes, contents) + - 0.1.21 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceph-rgw.yaml b/releasenotes/notes/ceph-rgw.yaml index 5ce097a92..8d953344b 100644 --- a/releasenotes/notes/ceph-rgw.yaml +++ b/releasenotes/notes/ceph-rgw.yaml @@ -23,4 +23,5 @@ ceph-rgw: - 0.1.20 Enable taint toleration for Openstack services jobs - 0.1.21 Correct mon discovery for multiple RGWs in different NS - 0.1.22 Update default image values + - 0.1.23 Added OCI registry authentication ... diff --git a/releasenotes/notes/cert-rotation.yaml b/releasenotes/notes/cert-rotation.yaml index 571020252..8ada06b25 100644 --- a/releasenotes/notes/cert-rotation.yaml +++ b/releasenotes/notes/cert-rotation.yaml @@ -6,4 +6,5 @@ cert-rotation: - 0.1.3 Update htk requirements - 0.1.4 Consider initContainers when restarting resources - 0.1.5 Migrated CronJob resource to batch/v1 API version + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/daemonjob-controller.yaml b/releasenotes/notes/daemonjob-controller.yaml index c953f47f7..5098de099 100644 --- a/releasenotes/notes/daemonjob-controller.yaml +++ b/releasenotes/notes/daemonjob-controller.yaml @@ -6,4 +6,5 @@ daemonjob-controller: - 0.1.3 Update to container image repo k8s.gcr.io - 0.1.4 Use full image ref for docker official images - 0.1.5 Update htk requirements + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-apm-server.yaml b/releasenotes/notes/elastic-apm-server.yaml index efe91b82e..c58f5ad91 100644 --- a/releasenotes/notes/elastic-apm-server.yaml +++ b/releasenotes/notes/elastic-apm-server.yaml @@ -4,4 +4,5 @@ elastic-apm-server: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-filebeat.yaml b/releasenotes/notes/elastic-filebeat.yaml index fe6f78847..19e752451 100644 --- a/releasenotes/notes/elastic-filebeat.yaml +++ b/releasenotes/notes/elastic-filebeat.yaml @@ -4,4 +4,5 @@ elastic-filebeat: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-metricbeat.yaml b/releasenotes/notes/elastic-metricbeat.yaml index f6ed94f3f..1da5441a3 100644 --- a/releasenotes/notes/elastic-metricbeat.yaml +++ b/releasenotes/notes/elastic-metricbeat.yaml @@ -5,4 +5,5 @@ elastic-metricbeat: - 0.1.2 Update RBAC apiVersion from /v1beta1 to /v1 - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/elastic-packetbeat.yaml b/releasenotes/notes/elastic-packetbeat.yaml index 79f199a00..b40d4188f 100644 --- a/releasenotes/notes/elastic-packetbeat.yaml +++ b/releasenotes/notes/elastic-packetbeat.yaml @@ -4,4 +4,5 @@ elastic-packetbeat: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/elasticsearch.yaml b/releasenotes/notes/elasticsearch.yaml index 0675888b4..1c6aa4ee5 100644 --- a/releasenotes/notes/elasticsearch.yaml +++ b/releasenotes/notes/elasticsearch.yaml @@ -30,4 +30,5 @@ elasticsearch: - 0.2.18 Update default image value to Wallaby - 0.2.19 Migrated CronJob resource to batch/v1 API version - 0.2.20 Set default python for helm test + - 0.2.21 Added OCI registry authentication ... diff --git a/releasenotes/notes/etcd.yaml b/releasenotes/notes/etcd.yaml index a6c749304..54935db4b 100644 --- a/releasenotes/notes/etcd.yaml +++ b/releasenotes/notes/etcd.yaml @@ -5,4 +5,5 @@ etcd: - 0.1.2 Update to container image repo k8s.gcr.io - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/falco.yaml b/releasenotes/notes/falco.yaml index a91458e71..db46fc28c 100644 --- a/releasenotes/notes/falco.yaml +++ b/releasenotes/notes/falco.yaml @@ -7,4 +7,5 @@ falco: - 0.1.4 Remove kafka residue - 0.1.5 Use full image ref for docker official images - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/flannel.yaml b/releasenotes/notes/flannel.yaml index f3b021310..a1279453a 100644 --- a/releasenotes/notes/flannel.yaml +++ b/releasenotes/notes/flannel.yaml @@ -4,4 +4,5 @@ flannel: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/fluentbit.yaml b/releasenotes/notes/fluentbit.yaml index ecdcc0e5d..3832669df 100644 --- a/releasenotes/notes/fluentbit.yaml +++ b/releasenotes/notes/fluentbit.yaml @@ -4,4 +4,5 @@ fluentbit: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/fluentd.yaml b/releasenotes/notes/fluentd.yaml index 7a3b877be..b0c5e088d 100644 --- a/releasenotes/notes/fluentd.yaml +++ b/releasenotes/notes/fluentd.yaml @@ -8,4 +8,5 @@ fluentd: - 0.1.5 Kafka brokers defined as a list with port "kafka1:9092,kafka2:9020,kafka3:9092" - 0.1.6 Update htk requirements - 0.1.7 Update default image values to Wallaby + - 0.1.8 Added OCI registry authentication ... diff --git a/releasenotes/notes/grafana.yaml b/releasenotes/notes/grafana.yaml index 6e0205323..20c41cfbd 100644 --- a/releasenotes/notes/grafana.yaml +++ b/releasenotes/notes/grafana.yaml @@ -15,4 +15,5 @@ grafana: - 0.1.12 Add iDRAC dashboard to Grafana - 0.1.13 Update prometheus metric name - 0.1.14 Add run migrator job + - 0.1.15 Added OCI registry authentication ... diff --git a/releasenotes/notes/helm-toolkit.yaml b/releasenotes/notes/helm-toolkit.yaml index f592c6011..b0b828442 100644 --- a/releasenotes/notes/helm-toolkit.yaml +++ b/releasenotes/notes/helm-toolkit.yaml @@ -50,4 +50,5 @@ helm-toolkit: - 0.2.41 Database B/R - archive name parser added - 0.2.42 Database B/R - fix to make script compliant with a retention policy - 0.2.43 Support having a single external ingress controller + - 0.2.44 Added OCI registry authentication ... diff --git a/releasenotes/notes/ingress.yaml b/releasenotes/notes/ingress.yaml index f1d929536..d69ce41d5 100644 --- a/releasenotes/notes/ingress.yaml +++ b/releasenotes/notes/ingress.yaml @@ -12,4 +12,5 @@ ingress: - 0.2.6 Add option to assign VIP as externalIP - 0.2.7 Enable taint toleration for Openstack services jobs - 0.2.8 Uplift ingress to 1.1.3 + - 0.2.9 Added OCI registry authentication ... diff --git a/releasenotes/notes/kibana.yaml b/releasenotes/notes/kibana.yaml index ef95566bf..3ce9dc443 100644 --- a/releasenotes/notes/kibana.yaml +++ b/releasenotes/notes/kibana.yaml @@ -11,4 +11,5 @@ kibana: - 0.1.8 Update htk requirements - 0.1.9 Revert removing Kibana indices before pod start up - 0.1.10 Update image defaults + - 0.1.11 Added OCI registry authentication ... diff --git a/releasenotes/notes/kube-dns.yaml b/releasenotes/notes/kube-dns.yaml index 388471dc0..6fb5bba1c 100644 --- a/releasenotes/notes/kube-dns.yaml +++ b/releasenotes/notes/kube-dns.yaml @@ -5,4 +5,5 @@ kube-dns: - 0.1.2 Update to container image repo k8s.gcr.io - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/kubernetes-keystone-webhook.yaml b/releasenotes/notes/kubernetes-keystone-webhook.yaml index 44bcabad3..84be358b0 100644 --- a/releasenotes/notes/kubernetes-keystone-webhook.yaml +++ b/releasenotes/notes/kubernetes-keystone-webhook.yaml @@ -7,4 +7,5 @@ kubernetes-keystone-webhook: - 0.1.4 Use full image ref for docker official images - 0.1.5 Update htk requirements - 0.1.6 Update default image value to Wallaby + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/kubernetes-node-problem-detector.yaml b/releasenotes/notes/kubernetes-node-problem-detector.yaml index 82dcac7c6..fe193ad84 100644 --- a/releasenotes/notes/kubernetes-node-problem-detector.yaml +++ b/releasenotes/notes/kubernetes-node-problem-detector.yaml @@ -7,4 +7,5 @@ kubernetes-node-problem-detector: - 0.1.4 Update the systemd-monitor lookback duration - 0.1.5 Use full image ref for docker official images - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/ldap.yaml b/releasenotes/notes/ldap.yaml index b56d8302a..27709bd25 100644 --- a/releasenotes/notes/ldap.yaml +++ b/releasenotes/notes/ldap.yaml @@ -4,4 +4,5 @@ ldap: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/libvirt.yaml b/releasenotes/notes/libvirt.yaml index cba980311..6e11b5285 100644 --- a/releasenotes/notes/libvirt.yaml +++ b/releasenotes/notes/libvirt.yaml @@ -13,4 +13,5 @@ libvirt: - 0.1.10 Enable taint toleration for Openstack services jobs - 0.1.11 Remove unused overrides and update default image - 0.1.12 Add libvirt exporter as a sidecar + - 0.1.13 Added OCI registry authentication ... diff --git a/releasenotes/notes/mariadb.yaml b/releasenotes/notes/mariadb.yaml index bece0b48f..b89d29ad5 100644 --- a/releasenotes/notes/mariadb.yaml +++ b/releasenotes/notes/mariadb.yaml @@ -41,4 +41,5 @@ mariadb: - 0.2.23 Fix backup script by ignoring sys database for MariaDB 10.6 compartibility - 0.2.24 Uplift Mariadb-ingress to 1.2.0 - 0.2.25 Add liveness probe to restart a pod that got stuck in a transfer wsrep_local_state_comment + - 0.2.26 Added OCI registry authentication ... diff --git a/releasenotes/notes/memcached.yaml b/releasenotes/notes/memcached.yaml index 1b680f798..01f426978 100644 --- a/releasenotes/notes/memcached.yaml +++ b/releasenotes/notes/memcached.yaml @@ -12,4 +12,5 @@ memcached: - 0.1.9 Revert naming for subchart compatibility - 0.1.10 Updated naming for subchart compatibility - 0.1.11 Remove gnocchi netpol override + - 0.1.12 Added OCI registry authentication ... diff --git a/releasenotes/notes/metacontroller.yaml b/releasenotes/notes/metacontroller.yaml index ad153fdfd..29f560379 100644 --- a/releasenotes/notes/metacontroller.yaml +++ b/releasenotes/notes/metacontroller.yaml @@ -6,4 +6,5 @@ metacontroller: - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements - 0.1.5 Fix field validation error + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/mongodb.yaml b/releasenotes/notes/mongodb.yaml index 45fb4122b..30f2bb1fa 100644 --- a/releasenotes/notes/mongodb.yaml +++ b/releasenotes/notes/mongodb.yaml @@ -4,4 +4,5 @@ mongodb: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/nagios.yaml b/releasenotes/notes/nagios.yaml index 8984e836a..965d487f8 100644 --- a/releasenotes/notes/nagios.yaml +++ b/releasenotes/notes/nagios.yaml @@ -6,4 +6,5 @@ nagios: - 0.1.3 Mount internal TLS CA certificate - 0.1.4 Update htk requirements - 0.1.5 Switch nagios image from xenial to bionic + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/nfs-provisioner.yaml b/releasenotes/notes/nfs-provisioner.yaml index f47a9a42b..e62ee39f4 100644 --- a/releasenotes/notes/nfs-provisioner.yaml +++ b/releasenotes/notes/nfs-provisioner.yaml @@ -4,4 +4,5 @@ nfs-provisioner: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/openvswitch.yaml b/releasenotes/notes/openvswitch.yaml index 637db0ac2..31d723a78 100644 --- a/releasenotes/notes/openvswitch.yaml +++ b/releasenotes/notes/openvswitch.yaml @@ -8,4 +8,5 @@ openvswitch: - 0.1.5 Use full image ref for docker official images - 0.1.6 Update htk requirements - 0.1.7 Enable taint toleration for Openstack services jobs + - 0.1.8 Added OCI registry authentication ... diff --git a/releasenotes/notes/postgresql.yaml b/releasenotes/notes/postgresql.yaml index 9cc70aad4..0ea3f7898 100644 --- a/releasenotes/notes/postgresql.yaml +++ b/releasenotes/notes/postgresql.yaml @@ -16,4 +16,5 @@ postgresql: - 0.1.13 Remove set -x - 0.1.14 Fix invalid fields in values - 0.1.15 Migrated CronJob resource to batch/v1 API version + - 0.1.16 Added OCI registry authentication ... diff --git a/releasenotes/notes/powerdns.yaml b/releasenotes/notes/powerdns.yaml index 76aa39b1e..dba98a577 100644 --- a/releasenotes/notes/powerdns.yaml +++ b/releasenotes/notes/powerdns.yaml @@ -6,4 +6,5 @@ powerdns: - 0.1.3 Helm 3 - Fix Job labels - 0.1.4 Update htk requirements - 0.1.5 Update default image values + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/prometheus-alertmanager.yaml b/releasenotes/notes/prometheus-alertmanager.yaml index a52bf9878..dd4583aa8 100644 --- a/releasenotes/notes/prometheus-alertmanager.yaml +++ b/releasenotes/notes/prometheus-alertmanager.yaml @@ -9,4 +9,5 @@ prometheus-alertmanager: - 0.1.6 Remove Alerta from openstack-helm-infra repository - 0.1.7 Use full image ref for docker official images - 0.1.8 Update htk requirements + - 0.1.9 Added OCI registry authentication ... diff --git a/releasenotes/notes/prometheus-blackbox-exporter.yaml b/releasenotes/notes/prometheus-blackbox-exporter.yaml index d75df8569..7b3b82658 100644 --- a/releasenotes/notes/prometheus-blackbox-exporter.yaml +++ b/releasenotes/notes/prometheus-blackbox-exporter.yaml @@ -5,4 +5,5 @@ prometheus-blackbox-exporter: - 0.1.2 Rename image key name - 0.1.3 Update htk requirements - 0.1.4 Fix indentation + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/prometheus-kube-state-metrics.yaml b/releasenotes/notes/prometheus-kube-state-metrics.yaml index ab6ffcd20..3c9094301 100644 --- a/releasenotes/notes/prometheus-kube-state-metrics.yaml +++ b/releasenotes/notes/prometheus-kube-state-metrics.yaml @@ -7,4 +7,5 @@ prometheus-kube-state-metrics: - 0.1.4 Use full image ref for docker official images - 0.1.5 Fix helm3 compatability - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/prometheus-node-exporter.yaml b/releasenotes/notes/prometheus-node-exporter.yaml index 3afa2fc04..fe3335129 100644 --- a/releasenotes/notes/prometheus-node-exporter.yaml +++ b/releasenotes/notes/prometheus-node-exporter.yaml @@ -5,4 +5,5 @@ prometheus-node-exporter: - 0.1.2 Add possibility to use overrides for some charts - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/prometheus-openstack-exporter.yaml b/releasenotes/notes/prometheus-openstack-exporter.yaml index da3051883..061a8ecda 100644 --- a/releasenotes/notes/prometheus-openstack-exporter.yaml +++ b/releasenotes/notes/prometheus-openstack-exporter.yaml @@ -7,4 +7,5 @@ prometheus-openstack-exporter: - 0.1.4 Use full image ref for docker official images - 0.1.5 Helm 3 - Fix Job labels - 0.1.6 Update htk requirements + - 0.1.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/prometheus-process-exporter.yaml b/releasenotes/notes/prometheus-process-exporter.yaml index a173a56a8..665955cd9 100644 --- a/releasenotes/notes/prometheus-process-exporter.yaml +++ b/releasenotes/notes/prometheus-process-exporter.yaml @@ -5,4 +5,5 @@ prometheus-process-exporter: - 0.1.2 Fix values_overrides directory naming - 0.1.3 Use full image ref for docker official images - 0.1.4 Update htk requirements + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/prometheus.yaml b/releasenotes/notes/prometheus.yaml index f6c23da3e..0e38e442d 100644 --- a/releasenotes/notes/prometheus.yaml +++ b/releasenotes/notes/prometheus.yaml @@ -13,4 +13,5 @@ prometheus: - 0.1.10 Use full image ref for docker official images - 0.1.11 Update htk requirements - 0.1.12 Update default image value to Wallaby + - 0.1.13 Added OCI registry authentication ... diff --git a/releasenotes/notes/rabbitmq.yaml b/releasenotes/notes/rabbitmq.yaml index ca1394923..4b77eff27 100644 --- a/releasenotes/notes/rabbitmq.yaml +++ b/releasenotes/notes/rabbitmq.yaml @@ -23,4 +23,5 @@ rabbitmq: - 0.1.21 Updated naming for subchart compatibility - 0.1.22 Remove guest admin account - 0.1.23 Fixed guest account removal + - 0.1.24 Added OCI registry authentication ... diff --git a/releasenotes/notes/redis.yaml b/releasenotes/notes/redis.yaml index 282de9215..d7dfc3219 100644 --- a/releasenotes/notes/redis.yaml +++ b/releasenotes/notes/redis.yaml @@ -4,4 +4,5 @@ redis: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Use full image ref for docker official images - 0.1.3 Update htk requirements + - 0.1.4 Added OCI registry authentication ... diff --git a/releasenotes/notes/registry.yaml b/releasenotes/notes/registry.yaml index 1ababbda3..a8dd8faeb 100644 --- a/releasenotes/notes/registry.yaml +++ b/releasenotes/notes/registry.yaml @@ -6,4 +6,5 @@ registry: - 0.1.3 Use full image ref for docker official images - 0.1.4 Helm 3 - Fix Job labels - 0.1.5 Update htk requirements + - 0.1.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/shaker.yaml b/releasenotes/notes/shaker.yaml index ea9a402e6..e5f949f4b 100644 --- a/releasenotes/notes/shaker.yaml +++ b/releasenotes/notes/shaker.yaml @@ -6,4 +6,5 @@ shaker: - 0.1.3 Fix helm3 linting issue - 0.1.4 Update htk requirements - 0.1.5 Update default image value + - 0.1.6 Added OCI registry authentication ... diff --git a/shaker/Chart.yaml b/shaker/Chart.yaml index 8722c8df9..0a46988b1 100644 --- a/shaker/Chart.yaml +++ b/shaker/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Shaker name: shaker -version: 0.1.5 +version: 0.1.6 home: https://pyshaker.readthedocs.io/en/latest/index.html icon: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTlnnEExfz6H9bBFFDxsDm5mVTdKWOt6Hw2_3aJ7hVkNdDdTCrimQ sources: diff --git a/shaker/templates/secret-registry.yaml b/shaker/templates/secret-registry.yaml new file mode 100644 index 000000000..da979b322 --- /dev/null +++ b/shaker/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/shaker/values.yaml b/shaker/values.yaml index cdd38a43f..4c656108f 100644 --- a/shaker/values.yaml +++ b/shaker/values.yaml @@ -172,6 +172,8 @@ secrets: identity: admin: shaker-keystone-admin shaker: shaker-keystone-user + oci_image_registry: + shaker: shaker-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local @@ -187,6 +189,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + shaker: + username: shaker + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -248,4 +265,5 @@ manifests: pod_shaker_test: true service_shaker: true secret_keystone: true + secret_registry: true ...