refactor: move helm image pull secrets in config folder (#6069)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

charts/kyverno/README.md

@@ -151,6 +151,8 @@ The command removes all the Kubernetes components associated with the chart and
 | metricsConfig.namespaces.include | list | `[]` | List of namespaces to capture metrics for. |
 | metricsConfig.namespaces.exclude | list | `[]` | list of namespaces to NOT capture metrics for. |
 | metricsConfig.metricsRefreshInterval | string | `nil` | Rate at which metrics should reset so as to clean up the memory footprint of kyverno metrics, if you might be expecting high memory footprint of Kyverno's metrics. Default: 0, no refresh of metrics |
+| imagePullSecrets | object | `{}` | Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument |
+| existingImagePullSecrets | list | `[]` | Existing Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument |
 | customLabels | object | `{}` | Additional labels |
 | rbac.create | bool | `true` | Create ClusterRoles, ClusterRoleBindings, and ServiceAccount |
 | rbac.serviceAccount.create | bool | `true` | Create a ServiceAccount |
@@ -192,8 +194,6 @@ The command removes all the Kubernetes components associated with the chart and
 | extraArgs | list | `["--loggingFormat=text"]` | Extra arguments to give to the binary. |
 | extraInitContainers | list | `[]` | Array of extra init containers |
 | extraContainers | list | `[]` | Array of extra containers to run alongside kyverno |
-| imagePullSecrets | object | `{}` | Image pull secrets for image verify and imageData policies. This will define the `--imagePullSecrets` Kyverno argument. |
-| existingImagePullSecrets | list | `[]` | Existing Image pull secrets for image verify and imageData policies. This will define the `--imagePullSecrets` Kyverno argument. |
 | resources.limits | object | `{"memory":"384Mi"}` | Pod resource limits |
 | resources.requests | object | `{"cpu":"100m","memory":"128Mi"}` | Pod resource requests |
 | initResources.limits | object | `{"cpu":"100m","memory":"256Mi"}` | Pod resource limits |

charts/kyverno/templates/_helpers.tpl

@@ -142,10 +142,6 @@ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
 {{- end }}
 {{- end }}
 
-{{- define "kyverno.imagePullSecret" }}
-{{- printf "{\"auths\":{\"%s\":{\"auth\":\"%s\"}}}" .registry (printf "%s:%s" .username .password | b64enc) | b64enc }}
-{{- end }}
-
 {{- define "kyverno.image" -}}
   {{- if .image.registry -}}
 {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}

charts/kyverno/templates/config/_helpers.tpl

@@ -39,7 +39,7 @@ app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
   {{- end }}
 {{- end }}
 {{- tpl (join "" $resourceFilters) . }}
-{{- end }}
+{{- end -}}
 
 {{- define "kyverno.config.webhooks" -}}
 {{- $excludeDefault := dict "key" "kubernetes.io/metadata.name" "operator" "NotIn" "values" (list (include "kyverno.namespace" .)) }}
@@ -51,4 +51,8 @@ app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
   {{- $newWebhook = append $newWebhook (merge (omit $webhook "namespaceSelector") (dict "namespaceSelector" $newNamespaceSelector)) }}
 {{- end }}
 {{- $newWebhook | toJson }}
-{{- end }}
+{{- end -}}
+
+{{- define "kyverno.config.imagePullSecret" -}}
+{{- printf "{\"auths\":{\"%s\":{\"auth\":\"%s\"}}}" .registry (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end -}}

charts/kyverno/templates/config/imagepullsecret.yaml

@@ -6,8 +6,8 @@ metadata:
   name: {{ $name }}
   namespace: {{ template "kyverno.namespace" $ }}
   labels:
-    {{- include "kyverno.labels" $ | nindent 4 }}
+    {{- include "kyverno.config.labels" $ | nindent 4 }}
 type: kubernetes.io/dockerconfigjson
 data:
-  .dockerconfigjson: {{ template "kyverno.imagePullSecret" $secret }}
+  .dockerconfigjson: {{ template "kyverno.config.imagePullSecret" $secret }}
 {{ end }}

charts/kyverno/values.yaml

@@ -120,6 +120,22 @@ metricsConfig:
   metricsRefreshInterval: ~
   # metricsRefreshInterval: 24h
 
+# -- Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument
+imagePullSecrets: {}
+  # regcred:
+  #   registry: foo.example.com
+  #   username: foobar
+  #   password: secret
+  # regcred2:
+  #   registry: bar.example.com
+  #   username: barbaz
+  #   password: secret2
+
+# -- Existing Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument
+existingImagePullSecrets: []
+  # - test-registry
+  # - other-test-registry
+
 # -- Additional labels
 customLabels: {}
 
@@ -301,29 +317,6 @@ extraContainers: []
 #   image: busybox
 #   command: ['sh', '-c', 'echo Hello && sleep 3600']
 
-# -- Image pull secrets for image verify and imageData policies.
-# This will define the `--imagePullSecrets` Kyverno argument.
-imagePullSecrets: {}
-  # Define two image pull secrets
-  # imagePullSecrets:
-  #   regcred:
-  #     registry: foo.example.com
-  #     username: foobar
-  #     password: secret
-  #   regcred2:
-  #     registry: bar.example.com
-  #     username: barbaz
-  #     password: secret2
-
-
-# -- Existing Image pull secrets for image verify and imageData policies.
-# This will define the `--imagePullSecrets` Kyverno argument.
-existingImagePullSecrets: []
-  # Define an existing image pull secret
-  # existingImagePullSecrets:
-  # - test-registry
-  # - other-test-registry
-
 resources:
   # -- Pod resource limits
   limits: