Add imagePullSecrets to post-upgrade job (#9264)

Signed-off-by: Frank Wittig <frank@e5k.de>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

charts/kyverno/README.md

@@ -740,6 +740,7 @@ The chart values are organised per component.
 | policyReportsCleanup.image.repository | string | `"bitnami/kubectl"` | Image repository |
 | policyReportsCleanup.image.tag | string | `"1.28.4"` | Image tag Defaults to `latest` if omitted |
 | policyReportsCleanup.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
+| policyReportsCleanup.imagePullSecrets | list | `[]` | Image pull secrets |
 | policyReportsCleanup.podSecurityContext | object | `{}` | Security context for the pod |
 | policyReportsCleanup.nodeSelector | object | `{}` | Node labels for pod assignment |
 | policyReportsCleanup.tolerations | list | `[]` | List of node taints to tolerate |

charts/kyverno/templates/hooks/post-upgrade.yaml

@@ -54,6 +54,10 @@ spec:
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+      {{- with .Values.policyReportsCleanup.imagePullSecrets }}
+      imagePullSecrets:
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
       {{- with .Values.policyReportsCleanup.tolerations }}
       tolerations:
         {{- tpl (toYaml .) $ | nindent 8 }}

charts/kyverno/values.yaml

@@ -419,6 +419,10 @@ policyReportsCleanup:
     # Defaults to image.pullPolicy if omitted
     pullPolicy: ~
 
+  # -- Image pull secrets
+  imagePullSecrets: []
+  # - name: secretName
+
   # -- Security context for the pod
   podSecurityContext: {}