feat: Implement global values for image registry in Kyverno Helm chart (#8625) (#8694)

* feat: Add image registry to global values * Fix indentation * Update documentation --------- Signed-off-by: Franco <franco@giantswarm.io> Co-authored-by: Franco Hielpos <48300215+fhielpos@users.noreply.github.com>
2024-12-14 11:57:48 +00:00 · 2023-10-19 14:30:17 +00:00 · 2023-10-19 14:30:17 +00:00 · 6fcf2bc22b
commit 6fcf2bc22b
parent cf65fc2f48
13 changed files with 43 additions and 19 deletions
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -629,7 +629,10 @@ The chart values are organised per component.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | webhooksCleanup.enabled | bool | `true` | Create a helm pre-delete hook to cleanup webhooks. |
-| webhooksCleanup.image | string | `"bitnami/kubectl:latest"` | `kubectl` image to run commands for deleting webhooks. |
+| webhooksCleanup.image.registry | string | `nil` | Image registry |
+| webhooksCleanup.image.repository | string | `"bitnami/kubectl"` | Image repository |
+| webhooksCleanup.image.tag | string | `"1.26.4"` | Image tag Defaults to `latest` if omitted |
+| webhooksCleanup.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
 | webhooksCleanup.imagePullSecrets | list | `[]` | Image pull secrets |
 | webhooksCleanup.podSecurityContext | object | `{}` | Security context for the pod |
 | webhooksCleanup.nodeSelector | object | `{}` | Node labels for pod assignment |
@ -704,6 +707,7 @@ The chart values are organised per component.

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| global.image.registry | string | `nil` | Global value that allows to set a single image registry across all deployments. When set, it will override any values set under `.image.registry` across the chart. |
 | nameOverride | string | `nil` | Override the name of the chart |
 | fullnameOverride | string | `nil` | Override the expanded name of the chart |
 | namespaceOverride | string | `nil` | Override the namespace the chart deploys to |
--- a/charts/kyverno/templates/_helpers/_image.tpl
+++ b/charts/kyverno/templates/_helpers/_image.tpl
@ -5,8 +5,9 @@
 {{- if not (typeIs "string" $tag) -}}
  {{ fail "Image tags must be strings." }}
 {{- end -}}
-{{- if .image.registry -}}
-  {{- print .image.registry "/" (required "An image repository is required" .image.repository) ":" $tag -}}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{- print $imageRegistry "/" (required "An image repository is required" .image.repository) ":" $tag -}}
 {{- else -}}
  {{- print (required "An image repository is required" .image.repository) ":" $tag -}}
 {{- end -}}
--- a/charts/kyverno/templates/admission-controller/deployment.yaml
+++ b/charts/kyverno/templates/admission-controller/deployment.yaml
@ -78,7 +78,7 @@ spec:
        {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: kyverno-pre
-          image: {{ include "kyverno.image" (dict "image" .Values.admissionController.initContainer.image "defaultTag" (default .Chart.AppVersion .Values.admissionController.container.image.tag)) | quote }}
+          image: {{ include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.admissionController.initContainer.image "defaultTag" (default .Chart.AppVersion .Values.admissionController.container.image.tag)) | quote }}
          imagePullPolicy: {{ default .Values.admissionController.container.image.pullPolicy .Values.admissionController.initContainer.image.pullPolicy }}
          args:
            {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.admissionController.featuresOverride)
@ -124,7 +124,7 @@ spec:
        {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: kyverno
-          image: {{ include "kyverno.image" (dict "image" .Values.admissionController.container.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.admissionController.container.image "defaultTag" .Chart.AppVersion) | quote }}
          imagePullPolicy: {{ .Values.admissionController.container.image.pullPolicy }}
          args:
            - --caSecretName={{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.kyverno-tls-ca
--- a/charts/kyverno/templates/background-controller/_helpers.tpl
+++ b/charts/kyverno/templates/background-controller/_helpers.tpl
@ -19,8 +19,9 @@
 {{- end -}}

 {{- define "kyverno.background-controller.image" -}}
-{{- if .image.registry -}}
-  {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- else -}}
  {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- end -}}
--- a/charts/kyverno/templates/background-controller/deployment.yaml
+++ b/charts/kyverno/templates/background-controller/deployment.yaml
@ -76,7 +76,7 @@ spec:
      serviceAccountName: {{ template "kyverno.background-controller.serviceAccountName" . }}
      containers:
        - name: controller
-          image: {{ include "kyverno.background-controller.image" (dict "image" .Values.backgroundController.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.background-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.backgroundController.image "defaultTag" .Chart.AppVersion) | quote }}
          imagePullPolicy: {{ .Values.backgroundController.image.pullPolicy }}
          ports:
          - containerPort: 9443
--- a/charts/kyverno/templates/cleanup-controller/_helpers.tpl
+++ b/charts/kyverno/templates/cleanup-controller/_helpers.tpl
@ -19,8 +19,9 @@
 {{- end -}}

 {{- define "kyverno.cleanup-controller.image" -}}
-{{- if .image.registry -}}
-  {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- else -}}
  {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- end -}}
--- a/charts/kyverno/templates/cleanup-controller/deployment.yaml
+++ b/charts/kyverno/templates/cleanup-controller/deployment.yaml
@ -76,7 +76,7 @@ spec:
      serviceAccountName: {{ template "kyverno.cleanup-controller.serviceAccountName" . }}
      containers:
        - name: controller
-          image: {{ include "kyverno.cleanup-controller.image" (dict "image" .Values.cleanupController.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.cleanup-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupController.image "defaultTag" .Chart.AppVersion) | quote }}
          imagePullPolicy: {{ .Values.cleanupController.image.pullPolicy }}
          ports:
          - containerPort: 9443
--- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
@ -31,7 +31,7 @@ spec:
          {{- end }}
          containers:
          - name: cleanup
-            image: {{ (include "kyverno.image" .Values.cleanupJobs.admissionReports) | quote }}
+            image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupJobs.admissionReports.image)) | quote }}
            imagePullPolicy: {{ .Values.cleanupJobs.admissionReports.image.pullPolicy }}
            command:
            - /bin/sh
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
@ -31,7 +31,7 @@ spec:
          {{- end }}
          containers:
          - name: cleanup
-            image: {{ (include "kyverno.image" .Values.cleanupJobs.clusterAdmissionReports) | quote }}
+            image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupJobs.clusterAdmissionReports.image)) | quote }}
            imagePullPolicy: {{ .Values.cleanupJobs.clusterAdmissionReports.image.pullPolicy }}
            command:
            - /bin/sh
--- a/charts/kyverno/templates/hooks/pre-delete.yaml
+++ b/charts/kyverno/templates/hooks/pre-delete.yaml
@ -26,7 +26,8 @@ spec:
      {{- end }}
      containers:
        - name: kubectl
-          image: {{ .Values.webhooksCleanup.image }}
+          image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.webhooksCleanup.image "defaultTag" (default .Chart.AppVersion .Values.webhooksCleanup.image.tag))) | quote }}
+          imagePullPolicy: {{ .Values.webhooksCleanup.image.pullPolicy }}
          command:
            - sh
            - '-c'
--- a/charts/kyverno/templates/reports-controller/_helpers.tpl
+++ b/charts/kyverno/templates/reports-controller/_helpers.tpl
@ -19,8 +19,9 @@
 {{- end -}}

 {{- define "kyverno.reports-controller.image" -}}
-{{- if .image.registry -}}
-  {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
+{{- $imageRegistry := default .image.registry .globalRegistry -}}
+{{- if $imageRegistry -}}
+  {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- else -}}
  {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
 {{- end -}}
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@ -76,7 +76,7 @@ spec:
      serviceAccountName: {{ template "kyverno.reports-controller.serviceAccountName" . }}
      containers:
        - name: controller
-          image: {{ include "kyverno.reports-controller.image" (dict "image" .Values.reportsController.image "defaultTag" .Chart.AppVersion) | quote }}
+          image: {{ include "kyverno.reports-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.reportsController.image "defaultTag" .Chart.AppVersion) | quote }}
          imagePullPolicy: {{ .Values.reportsController.image.pullPolicy }}
          ports:
          - containerPort: 9443
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -5,6 +5,12 @@ templating:
  debug: false
  version: ~

+global:
+  image:
+    # -- (string) Global value that allows to set a single image registry across all deployments.
+    # When set, it will override any values set under `.image.registry` across the chart.
+    registry: ~
+
 # -- (string) Override the name of the chart
 nameOverride: ~

@ -322,8 +328,17 @@ webhooksCleanup:
  # -- Create a helm pre-delete hook to cleanup webhooks.
  enabled: true

-  # -- `kubectl` image to run commands for deleting webhooks.
-  image: bitnami/kubectl:latest
+  image:
+    # -- (string) Image registry
+    registry: ~
+    # -- Image repository
+    repository: bitnami/kubectl
+    # -- Image tag
+    # Defaults to `latest` if omitted
+    tag: '1.26.4'
+    # -- (string) Image pull policy
+    # Defaults to image.pullPolicy if omitted
+    pullPolicy: ~

  # -- Image pull secrets
  imagePullSecrets: []