From 212445f2cf74c44aaea8296e2257b03cec287f3e Mon Sep 17 00:00:00 2001
From: Franco Hielpos <48300215+fhielpos@users.noreply.github.com>
Date: Thu, 19 Oct 2023 15:42:14 +0200
Subject: [PATCH] feat: Implement global values for image registry in Kyverno
 Helm chart (#8625)

* feat: Add image registry to global values

Signed-off-by: Franco <franco@giantswarm.io>

* Fix indentation

Signed-off-by: Franco <franco@giantswarm.io>

* Update documentation

Signed-off-by: Franco <franco@giantswarm.io>

---------

Signed-off-by: Franco <franco@giantswarm.io>
---
 charts/kyverno/README.md                      |  6 +++++-
 charts/kyverno/templates/_helpers/_image.tpl  |  5 +++--
 .../admission-controller/deployment.yaml      |  4 ++--
 .../background-controller/_helpers.tpl        |  5 +++--
 .../background-controller/deployment.yaml     |  2 +-
 .../templates/cleanup-controller/_helpers.tpl |  5 +++--
 .../cleanup-controller/deployment.yaml        |  2 +-
 .../cleanup/cleanup-admission-reports.yaml    |  2 +-
 .../cleanup-cluster-admission-reports.yaml    |  2 +-
 .../kyverno/templates/hooks/pre-delete.yaml   |  3 ++-
 .../templates/reports-controller/_helpers.tpl |  5 +++--
 .../reports-controller/deployment.yaml        |  2 +-
 charts/kyverno/values.yaml                    | 19 +++++++++++++++++--
 13 files changed, 43 insertions(+), 19 deletions(-)

diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index a947736915..4a556652f5 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -629,7 +629,10 @@ The chart values are organised per component.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | webhooksCleanup.enabled | bool | `true` | Create a helm pre-delete hook to cleanup webhooks. |
-| webhooksCleanup.image | string | `"bitnami/kubectl:latest"` | `kubectl` image to run commands for deleting webhooks. |
+| webhooksCleanup.image.registry | string | `nil` | Image registry |
+| webhooksCleanup.image.repository | string | `"bitnami/kubectl"` | Image repository |
+| webhooksCleanup.image.tag | string | `"1.26.4"` | Image tag Defaults to `latest` if omitted |
+| webhooksCleanup.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
 | webhooksCleanup.imagePullSecrets | list | `[]` | Image pull secrets |
 | webhooksCleanup.podSecurityContext | object | `{}` | Security context for the pod |
 | webhooksCleanup.nodeSelector | object | `{}` | Node labels for pod assignment |
@@ -704,6 +707,7 @@ The chart values are organised per component.
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| global.image.registry | string | `nil` | Global value that allows to set a single image registry across all deployments. When set, it will override any values set under `.image.registry` across the chart. |
 | nameOverride | string | `nil` | Override the name of the chart |
 | fullnameOverride | string | `nil` | Override the expanded name of the chart |
 | namespaceOverride | string | `nil` | Override the namespace the chart deploys to |
diff --git a/charts/kyverno/templates/_helpers/_image.tpl b/charts/kyverno/templates/_helpers/_image.tpl
index 87d6d3b608..90f95d0c31 100644
--- a/charts/kyverno/templates/_helpers/_image.tpl
+++ b/charts/kyverno/templates/_helpers/_image.tpl
@@ -5,8 +5,9 @@
 {{- if not (typeIs "string" $tag) -}}
   {{ fail "Image tags must be strings." }}
 {{- end -}}
-{{- if .image.registry -}}
-  {{- print .image.registry "/" (required "An image repository is required" .image.repository) ":" $tag -}}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{- print $imageRegistry "/" (required "An image repository is required" .image.repository) ":" $tag -}}
 {{- else -}}
   {{- print (required "An image repository is required" .image.repository) ":" $tag -}}
 {{- end -}}
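Review bot: `.globalRegistry` is an optional dict key, so any `include "kyverno.image"` call that this commit does not update keeps using the per-image registry without any error. In a cluster that only permits pulls from a private mirror, that shows up as an unexpected pull from a public registry or as ImagePullBackOff, so it is worth searching the chart for remaining callers (test pods or other hooks, if any exist). The argument order of Sprig's `default` also reads backwards here; a template comment above the new line would help, for example `{{/* globalRegistry, when set, wins over .image.registry (default takes the fallback first) */}}`. The helper's `define` and the `$tag` assignment sit outside this hunk.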
diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml
index ae9c398fe4..42e3396ccf 100644
--- a/charts/kyverno/templates/admission-controller/deployment.yaml
+++ b/charts/kyverno/templates/admission-controller/deployment.yaml
@@ -78,7 +78,7 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
         - name: kyverno-pre
-          image: {{ include "kyverno.image" (dict "image" .Values.admissionController.initContainer.image "defaultTag" (default .Chart.AppVersion .Values.admissionController.container.image.tag)) | quote }}
+          image: {{ include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.admissionController.initContainer.image "defaultTag" (default .Chart.AppVersion .Values.admissionController.container.image.tag)) | quote }}
           imagePullPolicy: {{ default .Values.admissionController.container.image.pullPolicy .Values.admissionController.initContainer.image.pullPolicy }}
           args:
             {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.admissionController.featuresOverride)
@@ -124,7 +124,7 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
         - name: kyverno
-          image: {{ include "kyverno.image" (dict "image" .Values.admissionController.container.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.admissionController.container.image "defaultTag" .Chart.AppVersion) | quote }}
           imagePullPolicy: {{ .Values.admissionController.container.image.pullPolicy }}
           args:
             - --caSecretName={{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.kyverno-tls-ca
diff --git a/charts/kyverno/templates/background-controller/_helpers.tpl b/charts/kyverno/templates/background-controller/_helpers.tpl
index fe34496c60..20d0fd788e 100644
--- a/charts/kyverno/templates/background-controller/_helpers.tpl
+++ b/charts/kyverno/templates/background-controller/_helpers.tpl
@@ -19,8 +19,9 @@
 {{- end -}}
 
 {{- define "kyverno.background-controller.image" -}}
-{{- if .image.registry -}}
-  {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- else -}}
   {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- end -}}
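Review bot: The same three-line registry selection is pasted into this helper and into `kyverno.cleanup-controller.image` and `kyverno.reports-controller.image`, so the precedence rule now lives in four places alongside `kyverno.image`. Unlike `kyverno.image`, these three copies have no string check on the tag. Since the callers already pass the same `globalRegistry`/`image`/`defaultTag` dict, each body could probably be reduced to `{{- include "kyverno.image" . -}}`, provided the part of `kyverno.image` outside its hunk derives the tag from `defaultTag` in the same way. The end of this `define` is outside the hunk.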
diff --git a/charts/kyverno/templates/background-controller/deployment.yaml b/charts/kyverno/templates/background-controller/deployment.yaml
index fbbb38cff6..bb80f5f42f 100644
--- a/charts/kyverno/templates/background-controller/deployment.yaml
+++ b/charts/kyverno/templates/background-controller/deployment.yaml
@@ -76,7 +76,7 @@ spec:
       serviceAccountName: {{ template "kyverno.background-controller.serviceAccountName" . }}
       containers:
         - name: controller
-          image: {{ include "kyverno.background-controller.image" (dict "image" .Values.backgroundController.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.background-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.backgroundController.image "defaultTag" .Chart.AppVersion) | quote }}
           imagePullPolicy: {{ .Values.backgroundController.image.pullPolicy }}
           ports:
           - containerPort: 9443
diff --git a/charts/kyverno/templates/cleanup-controller/_helpers.tpl b/charts/kyverno/templates/cleanup-controller/_helpers.tpl
index c97ccdd311..f8da54e192 100644
--- a/charts/kyverno/templates/cleanup-controller/_helpers.tpl
+++ b/charts/kyverno/templates/cleanup-controller/_helpers.tpl
@@ -19,8 +19,9 @@
 {{- end -}}
 
 {{- define "kyverno.cleanup-controller.image" -}}
-{{- if .image.registry -}}
-  {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- else -}}
   {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- end -}}
diff --git a/charts/kyverno/templates/cleanup-controller/deployment.yaml b/charts/kyverno/templates/cleanup-controller/deployment.yaml
index ad8fb8817a..5f2a3d587b 100644
--- a/charts/kyverno/templates/cleanup-controller/deployment.yaml
+++ b/charts/kyverno/templates/cleanup-controller/deployment.yaml
@@ -76,7 +76,7 @@ spec:
       serviceAccountName: {{ template "kyverno.cleanup-controller.serviceAccountName" . }}
       containers:
         - name: controller
-          image: {{ include "kyverno.cleanup-controller.image" (dict "image" .Values.cleanupController.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.cleanup-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupController.image "defaultTag" .Chart.AppVersion) | quote }}
           imagePullPolicy: {{ .Values.cleanupController.image.pullPolicy }}
           ports:
           - containerPort: 9443
diff --git a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
index 1a39820b4d..52a697f5de 100644
--- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
@@ -31,7 +31,7 @@ spec:
           {{- end }}
           containers:
           - name: cleanup
-            image: {{ (include "kyverno.image" .Values.cleanupJobs.admissionReports) | quote }}
+            image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupJobs.admissionReports.image)) | quote }}
             imagePullPolicy: {{ .Values.cleanupJobs.admissionReports.image.pullPolicy }}
             command:
             - /bin/sh
diff --git a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
index f67d8b0a7f..e5c50a5880 100644
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
@@ -31,7 +31,7 @@ spec:
           {{- end }}
           containers:
           - name: cleanup
-            image: {{ (include "kyverno.image" .Values.cleanupJobs.clusterAdmissionReports) | quote }}
+            image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupJobs.clusterAdmissionReports.image)) | quote }}
             imagePullPolicy: {{ .Values.cleanupJobs.clusterAdmissionReports.image.pullPolicy }}
             command:
             - /bin/sh
diff --git a/charts/kyverno/templates/hooks/pre-delete.yaml b/charts/kyverno/templates/hooks/pre-delete.yaml
index ee2088aad3..f6bbb42cb1 100644
--- a/charts/kyverno/templates/hooks/pre-delete.yaml
+++ b/charts/kyverno/templates/hooks/pre-delete.yaml
@@ -26,7 +26,8 @@ spec:
       {{- end }}
       containers:
         - name: kubectl
-          image: {{ .Values.webhooksCleanup.image }}
+          image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.webhooksCleanup.image "defaultTag" (default .Chart.AppVersion .Values.webhooksCleanup.image.tag))) | quote }}
+          imagePullPolicy: {{ .Values.webhooksCleanup.image.pullPolicy }}
           command:
             - sh
             - '-c'
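Review bot: The `defaultTag` on the new `image:` line falls back to `.Chart.AppVersion`, which is Kyverno's version, so clearing `webhooksCleanup.image.tag` would request a `bitnami/kubectl` tag that most likely does not exist and the pre-delete hook would fail to pull. Dropping the `"defaultTag"` entry would presumably let the helper's existing "Image tags must be strings." check reject a missing tag at render time; confirm against the `$tag` assignment, which is outside the visible hunk. The added `imagePullPolicy:` line renders an empty value with the shipped `pullPolicy: ~`. Wrapping it as `{{- with .Values.webhooksCleanup.image.pullPolicy }}` / `imagePullPolicy: {{ . }}` / `{{- end }}` would omit the key instead of emitting a null.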
diff --git a/charts/kyverno/templates/reports-controller/_helpers.tpl b/charts/kyverno/templates/reports-controller/_helpers.tpl
index b09f5610e2..d5fd852be1 100644
--- a/charts/kyverno/templates/reports-controller/_helpers.tpl
+++ b/charts/kyverno/templates/reports-controller/_helpers.tpl
@@ -19,8 +19,9 @@
 {{- end -}}
 
 {{- define "kyverno.reports-controller.image" -}}
-{{- if .image.registry -}}
-  {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- else -}}
   {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- end -}}
diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml
index b5ddd77480..cdaa8c0dbc 100644
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@@ -76,7 +76,7 @@ spec:
       serviceAccountName: {{ template "kyverno.reports-controller.serviceAccountName" . }}
       containers:
         - name: controller
-          image: {{ include "kyverno.reports-controller.image" (dict "image" .Values.reportsController.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.reports-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.reportsController.image "defaultTag" .Chart.AppVersion) | quote }}
           imagePullPolicy: {{ .Values.reportsController.image.pullPolicy }}
           ports:
           - containerPort: 9443
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index a27a51c292..5d226a6934 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -5,6 +5,12 @@ templating:
   debug: false
   version: ~
 
+global:
+  image:
+    # -- (string) Global value that allows to set a single image registry across all deployments.
+    # When set, it will override any values set under `.image.registry` across the chart.
+    registry: ~
+
 # -- (string) Override the name of the chart
 nameOverride: ~
 
@@ -322,8 +328,17 @@ webhooksCleanup:
   # -- Create a helm pre-delete hook to cleanup webhooks.
   enabled: true
 
-  # -- `kubectl` image to run commands for deleting webhooks.
-  image: bitnami/kubectl:latest
+  image:
+    # -- (string) Image registry
+    registry: ~
+    # -- Image repository
+    repository: bitnami/kubectl
+    # -- Image tag
+    # Defaults to `latest` if omitted
+    tag: '1.26.4'
+    # -- (string) Image pull policy
+    # Defaults to image.pullPolicy if omitted
+    pullPolicy: ~
 
   # -- Image pull secrets
   imagePullSecrets: []
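Review bot: `webhooksCleanup.image` changes from a string to a map here, so an existing override of the form `webhooksCleanup.image: <registry>/kubectl:<tag>` no longer fits the template and presumably fails at render time; the chart's upgrade notes should call this out. The two `Defaults to` comments also disagree with pre-delete.yaml in this commit: an omitted tag falls back to `.Chart.AppVersion`, not `latest`, and nothing supplies a default pull policy. I would reword them as `# -- Image tag; keep it pinned to a kubectl version that matches the cluster` and `# -- (string) Image pull policy; when unset the Kubernetes default applies`. Because `global.image.registry` now applies to this third-party image too, a comment stating that the chosen registry must also serve `bitnami/kubectl` would spare users a failed uninstall hook.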