mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

feat: add ability to define flavour for tag (#2881)

Browse source 
Signed-off-by: Allen Conlon <allen@conlon.dev>
This commit is contained in:
Allen Conlon 2024-01-03 17:19:31 -05:00 committed by GitHub
parent bfc158aaa0
commit 0fbc4a8340
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 79 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
deploy/charts/external-secrets/README.md
View file

@ -44,6 +44,7 @@ The command removes all the Kubernetes components associated with the chart and
| certController.extraVolumes | list | `[]` | | | certController.extraVolumes | list | `[]` | |
| certController.fullnameOverride | string | `""` | | | certController.fullnameOverride | string | `""` | |
| certController.hostNetwork | bool | `false` | Run the certController on the host network | | certController.hostNetwork | bool | `false` | Run the certController on the host network |
| certController.image.flavour | string | `""` | |
| certController.image.pullPolicy | string | `"IfNotPresent"` | | | certController.image.pullPolicy | string | `"IfNotPresent"` | |
| certController.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | certController.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | |
| certController.image.tag | string | `""` | | | certController.image.tag | string | `""` | |
@ -98,9 +99,10 @@ The command removes all the Kubernetes components associated with the chart and
| extraVolumes | list | `[]` | | | extraVolumes | list | `[]` | |
| fullnameOverride | string | `""` | | | fullnameOverride | string | `""` | |
| hostNetwork | bool | `false` | Run the controller on the host network | | hostNetwork | bool | `false` | Run the controller on the host network |
| image.flavour | string | `""` | The flavour of tag you want to use There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default the distroless image is used. |
| image.pullPolicy | string | `"IfNotPresent"` | | | image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | |
| image.tag | string | `""` | The image tag to use. The default is the chart appVersion. There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default the distroless image is used. | | image.tag | string | `""` | The image tag to use. The default is the chart appVersion. |
| imagePullSecrets | list | `[]` | | | imagePullSecrets | list | `[]` | |
| installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. | | installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. |
| leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. | | leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. |
@ -166,6 +168,7 @@ The command removes all the Kubernetes components associated with the chart and
| webhook.failurePolicy | string | `"Fail"` | Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore | | webhook.failurePolicy | string | `"Fail"` | Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore |
| webhook.fullnameOverride | string | `""` | | | webhook.fullnameOverride | string | `""` | |
| webhook.hostNetwork | bool | `false` | Specifies if webhook pod should use hostNetwork or not. | | webhook.hostNetwork | bool | `false` | Specifies if webhook pod should use hostNetwork or not. |
| webhook.image.flavour | string | `""` | The flavour of tag you want to use |
| webhook.image.pullPolicy | string | `"IfNotPresent"` | | | webhook.image.pullPolicy | string | `"IfNotPresent"` | |
| webhook.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | webhook.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | |
| webhook.image.tag | string | `""` | The image tag to use. The default is the chart appVersion. | | webhook.image.tag | string | `""` | The image tag to use. The default is the chart appVersion. |

10
deploy/charts/external-secrets/templates/_helpers.tpl
View file

@ -133,3 +133,13 @@ Create the name of the service account to use
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Determine the image to use, including if using a flavour.
*/}}
{{- define "external-secrets.image" -}}
{{- if .image.flavour -}}
{{ printf "%s:%s-%s" .image.repository (.image.tag | default .chartAppVersion) .image.flavour }}
{{- else }}
{{ printf "%s:%s" .image.repository (.image.tag | default .chartAppVersion) }}
{{- end }}
{{- end }}

2
deploy/charts/external-secrets/templates/cert-controller-deployment.yaml
View file

@ -45,7 +45,7 @@ spec:
securityContext: securityContext:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
image: "{{ .Values.certController.image.repository }}:{{ .Values.certController.image.tag | default .Chart.AppVersion }}" image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.certController.image) | trim }}
imagePullPolicy: {{ .Values.certController.image.pullPolicy }} imagePullPolicy: {{ .Values.certController.image.pullPolicy }}
args: args:
- certcontroller - certcontroller

2
deploy/charts/external-secrets/templates/deployment.yaml
View file

@ -45,7 +45,7 @@ spec:
securityContext: securityContext:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.image) | trim }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if or (.Values.leaderElect) (.Values.scopedNamespace) (.Values.processClusterStore) (.Values.processClusterExternalSecret) (.Values.concurrent) (.Values.extraArgs) }} {{- if or (.Values.leaderElect) (.Values.scopedNamespace) (.Values.processClusterStore) (.Values.processClusterExternalSecret) (.Values.concurrent) (.Values.extraArgs) }}
args: args:

2
deploy/charts/external-secrets/templates/webhook-deployment.yaml
View file

@ -45,7 +45,7 @@ spec:
securityContext: securityContext:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}" image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.webhook.image) | trim }}
imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
args: args:
- webhook - webhook

17
deploy/charts/external-secrets/tests/cert_controller_test.yaml
View file

@ -61,3 +61,20 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].args[6] path: spec.template.spec.containers[0].args[6]
value: "--metrics-addr=:8888" value: "--metrics-addr=:8888"
- it: should override image flavour
set:
certController.image.repository: ghcr.io/external-secrets/external-secrets
certController.image.tag: v0.9.8
certController.image.flavour: ubi-boringssl
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl
- it: should override image flavour
set:
certController.image.repository: example.com/external-secrets/external-secrets
certController.image.tag: v0.9.9-ubi
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: example.com/external-secrets/external-secrets:v0.9.9-ubi

17
deploy/charts/external-secrets/tests/controller_test.yaml
View file

@ -54,3 +54,20 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].args[1] path: spec.template.spec.containers[0].args[1]
value: "--metrics-addr=:8888" value: "--metrics-addr=:8888"
- it: should override image flavour
set:
image.repository: ghcr.io/external-secrets/external-secrets
image.tag: v0.9.8
image.flavour: ubi-boringssl
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl
- it: should override image flavour
set:
image.repository: example.com/external-secrets/external-secrets
image.tag: v0.9.9-ubi
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: example.com/external-secrets/external-secrets:v0.9.9-ubi

21
deploy/charts/external-secrets/tests/webhook_test.yaml
View file

@ -170,3 +170,24 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].args[5] path: spec.template.spec.containers[0].args[5]
value: "--metrics-addr=:8888" value: "--metrics-addr=:8888"
- it: should override image flavour
set:
webhook.image.repository: ghcr.io/external-secrets/external-secrets
webhook.image.tag: v0.9.8
webhook.image.flavour: ubi-boringssl
templates:
- webhook-deployment.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl
- it: should override image flavour
set:
webhook.image.repository: example.com/external-secrets/external-secrets
webhook.image.tag: v0.9.9-ubi
templates:
- webhook-deployment.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: example.com/external-secrets/external-secrets:v0.9.9-ubi

9
deploy/charts/external-secrets/values.yaml
View file

@ -7,10 +7,12 @@ image:
repository: ghcr.io/external-secrets/external-secrets repository: ghcr.io/external-secrets/external-secrets
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# -- The image tag to use. The default is the chart appVersion. # -- The image tag to use. The default is the chart appVersion.
tag: ""
# -- The flavour of tag you want to use
# There are different image flavours available, like distroless and ubi. # There are different image flavours available, like distroless and ubi.
# Please see GitHub release notes for image tags for these flavors. # Please see GitHub release notes for image tags for these flavors.
# By default the distroless image is used. # By default the distroless image is used.
tag: "" flavour: ""
# -- If set, install and upgrade CRDs through helm chart. # -- If set, install and upgrade CRDs through helm chart.
installCRDs: true installCRDs: true
@ -224,8 +226,10 @@ webhook:
image: image:
repository: ghcr.io/external-secrets/external-secrets repository: ghcr.io/external-secrets/external-secrets
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# -- The image tag to use. The default is the chart appVersion. # -- The image tag to use. The default is the chart appVersion.
tag: "" tag: ""
# -- The flavour of tag you want to use
flavour: ""
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@ -376,6 +380,7 @@ certController:
repository: ghcr.io/external-secrets/external-secrets repository: ghcr.io/external-secrets/external-secrets
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: "" tag: ""
flavour: ""
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""