From 692973b0051cc52790ff3b3b194085b30af71d76 Mon Sep 17 00:00:00 2001 From: Jana Date: Wed, 15 May 2024 12:24:31 +0200 Subject: [PATCH] Add option for docker imagepull secrets In larger production environments, we may get rate-limited by Docker Hub for a lot of image pulls. So, I've added an option for providing the Docker pull secret name to avoid rate limits. Signed-off-by: Jana Signed-off-by: Jana --- deployments/helm/KubeArmor/templates/daemonset.yaml | 4 ++++ deployments/helm/KubeArmor/templates/deployment.yaml | 12 ++++++++++++ deployments/helm/KubeArmor/values.yaml | 12 +++++++++++- .../helm/KubeArmorOperator/templates/deployment.yaml | 4 ++++ deployments/helm/KubeArmorOperator/values.yaml | 2 ++ 5 files changed, 33 insertions(+), 1 deletion(-) diff --git a/deployments/helm/KubeArmor/templates/daemonset.yaml b/deployments/helm/KubeArmor/templates/daemonset.yaml index 6b5a6e8c22..b8e8a2ceeb 100644 --- a/deployments/helm/KubeArmor/templates/daemonset.yaml +++ b/deployments/helm/KubeArmor/templates/daemonset.yaml @@ -16,6 +16,10 @@ spec: labels: kubearmor-app: kubearmor spec: + {{- if .Values.kubearmor.image.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.kubearmor.image.imagePullSecrets | indent 6 }} + {{- end }} containers: - args: - -gRPC=32767 diff --git a/deployments/helm/KubeArmor/templates/deployment.yaml b/deployments/helm/KubeArmor/templates/deployment.yaml index b6ed02d5c1..c10de186e8 100644 --- a/deployments/helm/KubeArmor/templates/deployment.yaml +++ b/deployments/helm/KubeArmor/templates/deployment.yaml @@ -18,6 +18,10 @@ spec: labels: kubearmor-app: kubearmor-relay spec: + {{- if .Values.kubearmorRelay.image.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.kubearmorRelay.image.imagePullSecrets | indent 6 }} + {{- end }} containers: - args: {{printf "- -tlsEnabled=%t" .Values.tls.enabled}} 
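Review bot: The `toYaml … | indent 6` line in the daemonset.yaml hunk opens with `{{` rather than `{{-`, so any leading whitespace on that template line is emitted in front of the first rendered line, on top of the six spaces `indent` adds, and the first list item can end up mis-nested. The original indentation is lost on this page, so confirm by rendering the chart with a non-empty value. The usual form is `{{- toYaml .Values.kubearmor.image.imagePullSecrets | nindent 6 }}`. The same construct is repeated in the relay, controller, kube-rbac-proxy and operator hunks, and the pod spec continues outside this hunk.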
@@ -79,6 +83,10 @@ spec: - /manager image: {{printf "%s:%s" .Values.kubearmorController.image.repository .Values.kubearmorController.image.tag}} imagePullPolicy: {{ .Values.kubearmorController.imagePullPolicy }} + {{- if .Values.kubearmorController.image.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.kubearmorController.image.imagePullSecrets | indent 8 }} + {{- end }} livenessProbe: httpGet: path: /healthz @@ -117,6 +125,10 @@ spec: - --logtostderr=true - --v=0 image: {{printf "%s:%s" .Values.kubeRbacProxy.image.repository .Values.kubeRbacProxy.image.tag}} + {{- if .Values.kubeRbacProxy.image.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.kubeRbacProxy.image.imagePullSecrets | indent 8 }} + {{- end }} name: kube-rbac-proxy ports: - containerPort: 8443 diff --git a/deployments/helm/KubeArmor/values.yaml b/deployments/helm/KubeArmor/values.yaml index e9f75c5fb0..d87b2315a2 100644 --- a/deployments/helm/KubeArmor/values.yaml +++ b/deployments/helm/KubeArmor/values.yaml @@ -16,8 +16,11 @@ kubearmorRelay: repository: kubearmor/kubearmor-relay-server # kubearmor-init image tag tag: latest + # Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production. + imagePullSecrets: "" # kubearmor-init imagePullPolicy imagePullPolicy: Always + # Add environment variables for STDOUT logging enableStdoutLogs: "false" enableStdoutAlerts: "false" @@ -62,6 +65,8 @@ kubearmorInit: repository: kubearmor/kubearmor-init # kubearmor-init image tag tag: stable + # Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production. + imagePullSecrets: "" # kubearmor-init imagePullPolicy imagePullPolicy: Always 
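Review bot: In the KubeArmor/templates/deployment.yaml hunks at `@@ -79,6 +83,10 @@` and `@@ -117,6 +125,10 @@`, `imagePullSecrets` is placed inside a container entry, between `imagePullPolicy` and `livenessProbe` in the first and between `image` and `name` in the second, with `indent 8`. `imagePullSecrets` is a pod-spec field, not a container field, so in that position the API server either rejects the manifest under strict field validation or drops the field, and the images are still pulled without credentials. Both containers appear to belong to the same pod, so one pod-level block before `containers:`, as in the relay hunk, would cover both. The container definitions start and end outside these hunks.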
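Review bot: The new default `imagePullSecrets: ""` in the values.yaml hunks (kubearmorRelay, kubearmorInit, kubeRbacProxy, kubearmorController, kubearmor, and kubearmorOperator in the operator chart) is a string, while the field the templates render it into is a list of `name:` references. A user who follows the commit message and sets a bare secret name gets a scalar under `imagePullSecrets:`, which the API server will not accept as a list. I would default to `imagePullSecrets: []` and reword the comment to something like `# Names of existing registry pull secrets in the release namespace, e.g. [{name: regcred}]; credentials never go in values`. Also, `kubearmorInit.image.imagePullSecrets` is not read by any template in this patch.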
@@ -71,6 +76,8 @@ kubeRbacProxy: repository: gcr.io/kubebuilder/kube-rbac-proxy # kube-rbac-proxy image tag tag: v0.15.0 + # Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production. + imagePullSecrets: "" # kube-rbac-proxy imagePullPolicy imagePullPolicy: Always @@ -83,6 +90,8 @@ kubearmorController: repository: kubearmor/kubearmor-controller # kubearmor-controller image tag tag: latest + # Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production. + imagePullSecrets: "" mutation: # kubearmor-controller failure policy failurePolicy: Ignore @@ -105,7 +114,8 @@ kubearmor: repository: kubearmor/kubearmor # kubearmor daemonset image tag tag: stable - + # Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production. + imagePullSecrets: "" # kubearmor daemonset imagePullPolicy imagePullPolicy: Always diff --git a/deployments/helm/KubeArmorOperator/templates/deployment.yaml b/deployments/helm/KubeArmorOperator/templates/deployment.yaml index 24f397ba8d..a23fdd3b01 100644 --- a/deployments/helm/KubeArmorOperator/templates/deployment.yaml +++ b/deployments/helm/KubeArmorOperator/templates/deployment.yaml @@ -14,6 +14,10 @@ spec: labels: kubearmor-app: {{ .Values.kubearmorOperator.name }} spec: + {{- if .Values.kubearmorOperator.image.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.kubearmorOperator.image.imagePullSecrets | indent 6 }} + {{- end }} containers: - name: {{ .Values.kubearmorOperator.name }} env: diff --git a/deployments/helm/KubeArmorOperator/values.yaml b/deployments/helm/KubeArmorOperator/values.yaml index a6efab57b6..876c539f35 100644 --- a/deployments/helm/KubeArmorOperator/values.yaml +++ b/deployments/helm/KubeArmorOperator/values.yaml 
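Review bot: The block added to KubeArmorOperator/templates/deployment.yaml attaches the pull secret to the operator pod only. If the operator itself creates the KubeArmor daemonset, relay and controller workloads (not visible in this patch), those pods still pull without credentials, and they are the pulls most likely to hit the rate limit the commit message describes. It would help to document that limit next to the value, or to pass the secret names through to the operator so it can set them on the workloads it creates.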
@@ -37,6 +37,8 @@ kubearmorOperator: tag: "" imagePullPolicy: IfNotPresent initDeploy: true + # Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production. + imagePullSecrets: "" kubearmorConfig: defaultCapabilitiesPosture: audit
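Review bot: The new key in KubeArmorOperator/values.yaml is added after `imagePullPolicy` and `initDeploy`, which look like siblings of `image:` rather than children, whereas the operator template reads `.Values.kubearmorOperator.image.imagePullSecrets`. If that is the case, a secret set at the documented location is never rendered and the operator keeps pulling anonymously with no error. Indentation is lost on this page, so check against the file. Either move the key under `image:` or have the template read `.Values.kubearmorOperator.imagePullSecrets`.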