Templatize imagePullSecret names in deployment

sf1tzp · arttor · commit 722502758c9b · 2022-01-28T22:14:34.000+03:00
Also, update examples
diff --git a/examples/app/templates/secret-ca.yaml b/examples/app/templates/secret-ca.yaml
@@ -6,4 +6,5 @@ metadata:
   {{- include "app.labels" . | nindent 4 }}
 data:
   ca.crt: {{ required "secretCa.caCrt is required" .Values.secretCa.caCrt | b64enc
-    | quote }}
+    | quote }}
+type: opaque
diff --git a/examples/app/templates/secret-vars.yaml b/examples/app/templates/secret-vars.yaml
@@ -10,4 +10,5 @@ data:
   VAR2: {{ required "secretVars.var2 is required" .Values.secretVars.var2 | b64enc
     | quote }}
 stringData:
-  str: {{ required "secretVars.str is required" .Values.secretVars.str | quote }}
+  str: {{ required "secretVars.str is required" .Values.secretVars.str | quote }}
+type: opaque
diff --git a/examples/operator/templates/deployment.yaml b/examples/operator/templates/deployment.yaml
@@ -74,6 +74,8 @@ spec:
           subPath: controller_manager_config.yaml
         - mountPath: /my.ca
           name: secret-volume
+      imagePullSecrets:
+      - name: {{ include "operator.fullname" . }}-secret-registry-credentials
       securityContext:
         runAsNonRoot: true
       serviceAccountName: {{ include "operator.fullname" . }}-controller-manager
diff --git a/examples/operator/templates/secret-ca.yaml b/examples/operator/templates/secret-ca.yaml
@@ -6,4 +6,5 @@ metadata:
   {{- include "operator.labels" . | nindent 4 }}
 data:
   ca.crt: {{ required "secretCa.caCrt is required" .Values.secretCa.caCrt | b64enc
-    | quote }}
+    | quote }}
+type: opaque
diff --git a/examples/operator/templates/secret-registry-credentials.yaml b/examples/operator/templates/secret-registry-credentials.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "operator.fullname" . }}-secret-registry-credentials
+  labels:
+  {{- include "operator.labels" . | nindent 4 }}
+data:
+  .dockerconfigjson: {{ required "secretRegistryCredentials.dockerconfigjson is required"
+    .Values.secretRegistryCredentials.dockerconfigjson | b64enc | quote }}
+type: kubernetes.io/dockerconfigjson
diff --git a/examples/operator/templates/secret-vars.yaml b/examples/operator/templates/secret-vars.yaml
@@ -8,4 +8,5 @@ data:
   VAR1: {{ required "secretVars.var1 is required" .Values.secretVars.var1 | b64enc
     | quote }}
   VAR2: {{ required "secretVars.var2 is required" .Values.secretVars.var2 | b64enc
-    | quote }}
+    | quote }}
+type: opaque
diff --git a/examples/operator/values.yaml b/examples/operator/values.yaml
@@ -42,6 +42,8 @@ pvc:
     storageRequest: 2Gi
 secretCa:
   caCrt: ""
+secretRegistryCredentials:
+  dockerconfigjson: ""
 secretVars:
   var1: ""
   var2: ""
diff --git a/pkg/processor/deployment/deployment.go b/pkg/processor/deployment/deployment.go
@@ -213,6 +213,11 @@ func processPodSpec(name string, appMeta helmify.AppMetadata, pod *corev1.PodSpe
 		}
 	}
 	pod.ServiceAccountName = appMeta.TemplatedName(pod.ServiceAccountName)
+
+	for i, s := range pod.ImagePullSecrets {
+		pod.ImagePullSecrets[i].Name = appMeta.TemplatedName(s.Name)
+	}
+
 	return values, nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -213,6 +213,11 @@ func processPodSpec(name string, appMeta helmify.AppMetadata, pod *corev1.PodSpe`
`213`	`213`	`}`
`214`	`214`	`}`
`215`	`215`	`pod.ServiceAccountName = appMeta.TemplatedName(pod.ServiceAccountName)`
	`216`	`+`
	`217`	`+ for i, s := range pod.ImagePullSecrets {`
	`218`	`+ pod.ImagePullSecrets[i].Name = appMeta.TemplatedName(s.Name)`
	`219`	`+ }`
	`220`	`+`
`216`	`221`	`return values, nil`
`217`	`222`	`}`
`218`	`223`