Support existing imagePullSecrets for image verify functionality (#5627)

* Support existing imagePullSecrets for image verify functionality Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com> * fix values comments formatting - indentation Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com> * Adding release note to Chart.yaml for changes Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com> * Update charts/kyverno/templates/deployment.yaml Apply suggestion for templating Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Brandt Keller <43887158+brandtkeller@users.noreply.github.com> Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com> Signed-off-by: Brandt Keller <43887158+brandtkeller@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-13 19:28:55 +00:00 · 2022-12-12 08:26:43 -08:00 · 2022-12-12 08:26:43 -08:00 · 46003406b0
commit 46003406b0
parent 9d3b176def
5 changed files with 17 additions and 2 deletions
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@ -56,3 +56,5 @@ annotations:
      description: Cleanup controller.
    - kind: changed
      description: CRD labels are in sync with other labels generated by the helm.
+    - kind: added
+      description: Support existing imagePullSecrets for image verify
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -164,6 +164,7 @@ The command removes all the Kubernetes components associated with the chart and
 | extraInitContainers | list | `[]` | Array of extra init containers |
 | extraContainers | list | `[]` | Array of extra containers to run alongside kyverno |
 | imagePullSecrets | object | `{}` | Image pull secrets for image verify and imageData policies. This will define the `--imagePullSecrets` Kyverno argument. |
+| existingImagePullSecrets | list | `[]` | Existing Image pull secrets for image verify and imageData policies. This will define the `--imagePullSecrets` Kyverno argument. |
 | resources.limits | object | `{"memory":"384Mi"}` | Pod resource limits |
 | resources.requests | object | `{"cpu":"100m","memory":"128Mi"}` | Pod resource requests |
 | initResources.limits | object | `{"cpu":"100m","memory":"256Mi"}` | Pod resource limits |
--- a/charts/kyverno/ci/existingImagePullSecrets-values.yaml
+++ b/charts/kyverno/ci/existingImagePullSecrets-values.yaml
@ -0,0 +1,3 @@
+existingImagePullSecrets:
+- test-registry
+- other-test-registry
--- a/charts/kyverno/templates/deployment.yaml
+++ b/charts/kyverno/templates/deployment.yaml
@ -111,8 +111,8 @@ spec:
            {{- if .Values.extraArgs -}}
              {{ tpl (toYaml .Values.extraArgs) . | nindent 12 }}
            {{- end }}
-            {{- if .Values.imagePullSecrets }}
-            - --imagePullSecrets={{ keys .Values.imagePullSecrets | join "," }}
+            {{- if or .Values.imagePullSecrets .Values.existingImagePullSecrets }}
+            - --imagePullSecrets={{- join "," (concat (keys .Values.imagePullSecrets) .Values.existingImagePullSecrets) }}
            {{- end }}
          {{- end }}
          {{- with .Values.resources }}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -202,6 +202,15 @@ imagePullSecrets: {}
  #     username: barbaz
  #     password: secret2

+
+# -- Existing Image pull secrets for image verify and imageData policies.
+# This will define the `--imagePullSecrets` Kyverno argument.
+existingImagePullSecrets: []
+  # Define an existing image pull secret
+  # existingImagePullSecrets:
+  # - test-registry
+  # - other-test-registry
+
 resources:
  # -- Pod resource limits
  limits: