From b9d3e9bb58f40c2d83b8686347812092013d146d Mon Sep 17 00:00:00 2001
From: Alex Olzem <olzemal@gmail.com>
Date: Sun, 2 Jul 2023 00:16:18 +0200
Subject: [PATCH] feat: Add option to add imagePullSecrets to cleanup CronJobs
 (#7730)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add option to add imagePullSecrets to cleanup CronJobs

Signed-off-by: Alexander Olzem <olzemal@pm.me>

* Update chart README

Signed-off-by: Alexander Olzem <olzemal@pm.me>

---------

Signed-off-by: Alexander Olzem <olzemal@pm.me>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 charts/kyverno/README.md                                  | 2 ++
 .../templates/cleanup/cleanup-admission-reports.yaml      | 4 ++++
 .../cleanup/cleanup-cluster-admission-reports.yaml        | 4 ++++
 charts/kyverno/values.yaml                                | 8 ++++++++
 4 files changed, 18 insertions(+)

diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index fac43288ba..fcced122af 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -642,6 +642,7 @@ The chart values are organised per component.
 | cleanupJobs.admissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
 | cleanupJobs.admissionReports.image.tag | string | `"1.26.4"` | Image tag Defaults to `latest` if omitted |
 | cleanupJobs.admissionReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
+| cleanupJobs.admissionReports.imagePullSecrets | list | `[]` | Image pull secrets |
 | cleanupJobs.admissionReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule |
 | cleanupJobs.admissionReports.threshold | int | `10000` | Reports threshold, if number of reports are above this value the cronjob will start deleting them |
 | cleanupJobs.admissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
@@ -655,6 +656,7 @@ The chart values are organised per component.
 | cleanupJobs.clusterAdmissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
 | cleanupJobs.clusterAdmissionReports.image.tag | string | `"1.26.4"` | Image tag Defaults to `latest` if omitted |
 | cleanupJobs.clusterAdmissionReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
+| cleanupJobs.clusterAdmissionReports.imagePullSecrets | list | `[]` | Image pull secrets |
 | cleanupJobs.clusterAdmissionReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule |
 | cleanupJobs.clusterAdmissionReports.threshold | int | `10000` | Reports threshold, if number of reports are above this value the cronjob will start deleting them |
 | cleanupJobs.clusterAdmissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
diff --git a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
index e648c0beea..83ce15ceae 100644
--- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
@@ -48,6 +48,10 @@ spec:
             resources:
               {{- toYaml . | nindent 14 }}
             {{- end }}
+          {{- with .Values.cleanupJobs.admissionReports.imagePullSecrets }}
+          imagePullSecrets:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
           restartPolicy: OnFailure
           {{- with .Values.cleanupJobs.admissionReports.tolerations }}
           tolerations:
diff --git a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
index bdd0697512..b2f2ae2a3c 100644
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
@@ -48,6 +48,10 @@ spec:
             resources:
               {{- toYaml . | nindent 14 }}
             {{- end }}
+          {{- with .Values.cleanupJobs.clusterAdmissionReports.imagePullSecrets }}
+          imagePullSecrets:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
           restartPolicy: OnFailure
           {{- with .Values.cleanupJobs.clusterAdmissionReports.tolerations }}
           tolerations:
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 451ec9bcd2..19dcffe78f 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -412,6 +412,10 @@ cleanupJobs:
       # Defaults to image.pullPolicy if omitted
       pullPolicy: ~
 
+    # -- Image pull secrets
+    imagePullSecrets: []
+      # - name: secretName
+
     # -- Cronjob schedule
     schedule: '*/10 * * * *'
 
@@ -464,6 +468,10 @@ cleanupJobs:
       # Defaults to image.pullPolicy if omitted
       pullPolicy: ~
 
+    # -- Image pull secrets
+    imagePullSecrets: []
+      # - name: secretName
+
     # -- Cronjob schedule
     schedule: '*/10 * * * *'