diff --git a/.changeset/rotten-numbers-protect.md b/.changeset/rotten-numbers-protect.md new file mode 100644 index 0000000..b3a1f07 --- /dev/null +++ b/.changeset/rotten-numbers-protect.md @@ -0,0 +1,5 @@ +--- +"helm-charts": patch +--- + +feat: Add support for image pull secrets in deployments diff --git a/charts/hdx-oss-v2/templates/clickhouse-deployment.yaml b/charts/hdx-oss-v2/templates/clickhouse-deployment.yaml index 353400f..53f356d 100644 --- a/charts/hdx-oss-v2/templates/clickhouse-deployment.yaml +++ b/charts/hdx-oss-v2/templates/clickhouse-deployment.yaml @@ -26,6 +26,10 @@ spec: tolerations: {{- toYaml .Values.clickhouse.tolerations | nindent 8 }} {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: clickhouse image: "{{ .Values.clickhouse.image }}" diff --git a/charts/hdx-oss-v2/templates/cronjobs/task-checkAlerts.yaml b/charts/hdx-oss-v2/templates/cronjobs/task-checkAlerts.yaml index 66f4fc8..9efcb30 100644 --- a/charts/hdx-oss-v2/templates/cronjobs/task-checkAlerts.yaml +++ b/charts/hdx-oss-v2/templates/cronjobs/task-checkAlerts.yaml @@ -17,6 +17,10 @@ spec: {{- include "hdx-oss.selectorLabels" . | nindent 12 }} app.kubernetes.io/component: task spec: + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.global.imagePullSecrets | nindent 12 }} + {{- end }} restartPolicy: OnFailure containers: - name: task diff --git a/charts/hdx-oss-v2/templates/hyperdx-deployment.yaml b/charts/hdx-oss-v2/templates/hyperdx-deployment.yaml index cdab8f6..5358d3b 100644 --- a/charts/hdx-oss-v2/templates/hyperdx-deployment.yaml +++ b/charts/hdx-oss-v2/templates/hyperdx-deployment.yaml @@ -43,6 +43,10 @@ spec: {{- if .Values.hyperdx.priorityClassName }} priorityClassName: {{ .Values.hyperdx.priorityClassName | quote }} {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} {{- if .Values.mongodb.enabled }} initContainers: - name: wait-for-mongodb diff --git a/charts/hdx-oss-v2/templates/mongodb-deployment.yaml b/charts/hdx-oss-v2/templates/mongodb-deployment.yaml index 7616a86..a56ebc5 100644 --- a/charts/hdx-oss-v2/templates/mongodb-deployment.yaml +++ b/charts/hdx-oss-v2/templates/mongodb-deployment.yaml @@ -48,6 +48,10 @@ spec: tolerations: {{- toYaml .Values.mongodb.tolerations | nindent 8 }} {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: mongodb image: "{{ .Values.mongodb.image }}" diff --git a/charts/hdx-oss-v2/templates/otel-collector-deployment.yaml b/charts/hdx-oss-v2/templates/otel-collector-deployment.yaml index f390867..0ce808b 100644 --- a/charts/hdx-oss-v2/templates/otel-collector-deployment.yaml +++ b/charts/hdx-oss-v2/templates/otel-collector-deployment.yaml @@ -32,6 +32,10 @@ spec: tolerations: {{- toYaml .Values.otel.tolerations | nindent 8 }} {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: otel-collector image: "{{ .Values.otel.image.repository }}:{{ .Values.otel.image.tag | default .Chart.AppVersion }}" diff --git a/charts/hdx-oss-v2/tests/clickhouse-deployment_test.yaml b/charts/hdx-oss-v2/tests/clickhouse-deployment_test.yaml index 19f7719..88b1b39 100644 --- a/charts/hdx-oss-v2/tests/clickhouse-deployment_test.yaml +++ b/charts/hdx-oss-v2/tests/clickhouse-deployment_test.yaml @@ -338,4 +338,29 @@ tests: of: PersistentVolumeClaim - documentIndex: 5 isNull: - path: metadata.annotations \ No newline at end of file + path: metadata.annotations + + - it: should not include imagePullSecrets when not configured + set: + clickhouse: + enabled: true + asserts: + - documentIndex: 0 + isNull: + path: spec.template.spec.imagePullSecrets + + - it: should include imagePullSecrets when configured + set: + clickhouse: + enabled: true + global: + imagePullSecrets: + - name: regcred + asserts: + - documentIndex: 0 + isNotNull: + path: spec.template.spec.imagePullSecrets + - documentIndex: 0 + equal: + path: spec.template.spec.imagePullSecrets[0].name + value: regcred \ No newline at end of file diff --git a/charts/hdx-oss-v2/tests/hyperdx-deployment_test.yaml b/charts/hdx-oss-v2/tests/hyperdx-deployment_test.yaml index 1d07d04..10e3cf0 100644 --- a/charts/hdx-oss-v2/tests/hyperdx-deployment_test.yaml +++ b/charts/hdx-oss-v2/tests/hyperdx-deployment_test.yaml @@ -226,4 +226,47 @@ tests: value: 9000 - equal: path: spec.template.spec.containers[0].readinessProbe.httpGet.port - value: 9000 \ No newline at end of file + value: 9000 + + - it: should not include imagePullSecrets when not configured + asserts: + - isNull: + path: spec.template.spec.imagePullSecrets + + - it: should include imagePullSecrets when configured with single secret + set: + global: + imagePullSecrets: + - name: regcred + asserts: + - isNotNull: + path: spec.template.spec.imagePullSecrets + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: regcred + - lengthEqual: + path: spec.template.spec.imagePullSecrets + count: 1 + + - it: should include imagePullSecrets when configured with multiple secrets + set: + global: + imagePullSecrets: + - name: regcred + - name: docker-hub-secret + - name: private-registry-secret + asserts: + - isNotNull: + path: spec.template.spec.imagePullSecrets + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: regcred + - equal: + path: spec.template.spec.imagePullSecrets[1].name + value: docker-hub-secret + - equal: + path: spec.template.spec.imagePullSecrets[2].name + value: private-registry-secret + - lengthEqual: + path: spec.template.spec.imagePullSecrets + count: 3 \ No newline at end of file diff --git a/charts/hdx-oss-v2/tests/mongodb-deployment_test.yaml b/charts/hdx-oss-v2/tests/mongodb-deployment_test.yaml index 97b04ad..d4f4c01 100644 --- a/charts/hdx-oss-v2/tests/mongodb-deployment_test.yaml +++ b/charts/hdx-oss-v2/tests/mongodb-deployment_test.yaml @@ -265,3 +265,28 @@ tests: equal: path: spec.storageClassName value: fast-ssd + + - it: should not include imagePullSecrets when not configured + set: + mongodb: + enabled: true + asserts: + - documentIndex: 0 + isNull: + path: spec.template.spec.imagePullSecrets + + - it: should include imagePullSecrets when configured + set: + mongodb: + enabled: true + global: + imagePullSecrets: + - name: regcred + asserts: + - documentIndex: 1 + isNotNull: + path: spec.template.spec.imagePullSecrets + - documentIndex: 1 + equal: + path: spec.template.spec.imagePullSecrets[0].name + value: regcred diff --git a/charts/hdx-oss-v2/tests/otel-collector_test.yaml b/charts/hdx-oss-v2/tests/otel-collector_test.yaml index 39ce113..df43aa1 100644 --- a/charts/hdx-oss-v2/tests/otel-collector_test.yaml +++ b/charts/hdx-oss-v2/tests/otel-collector_test.yaml @@ -807,3 +807,28 @@ tests: equal: path: spec.template.spec.containers[0].readinessProbe.httpGet.port value: 13134 + + - it: should not include imagePullSecrets when not configured + set: + otel: + enabled: true + asserts: + - documentIndex: 0 + isNull: + path: spec.template.spec.imagePullSecrets + + - it: should include imagePullSecrets when configured + set: + otel: + enabled: true + global: + imagePullSecrets: + - name: regcred + asserts: + - documentIndex: 0 + isNotNull: + path: spec.template.spec.imagePullSecrets + - documentIndex: 0 + equal: + path: spec.template.spec.imagePullSecrets[0].name + value: regcred diff --git a/charts/hdx-oss-v2/tests/task-checkAlerts_test.yaml b/charts/hdx-oss-v2/tests/task-checkAlerts_test.yaml index 71d1c30..a5e922d 100644 --- a/charts/hdx-oss-v2/tests/task-checkAlerts_test.yaml +++ b/charts/hdx-oss-v2/tests/task-checkAlerts_test.yaml @@ -72,3 +72,25 @@ tests: - equal: path: spec.schedule value: "*/1 * * * *" + + - it: should not include imagePullSecrets when not configured + set: + tasks: + enabled: true + asserts: + - isNull: + path: spec.jobTemplate.spec.template.spec.imagePullSecrets + + - it: should include imagePullSecrets when configured + set: + tasks: + enabled: true + global: + imagePullSecrets: + - name: regcred + asserts: + - isNotNull: + path: spec.jobTemplate.spec.template.spec.imagePullSecrets + - equal: + path: spec.jobTemplate.spec.template.spec.imagePullSecrets[0].name + value: regcred diff --git a/charts/hdx-oss-v2/values.yaml b/charts/hdx-oss-v2/values.yaml index a08b72f..0f04f80 100644 --- a/charts/hdx-oss-v2/values.yaml +++ b/charts/hdx-oss-v2/values.yaml @@ -1,5 +1,11 @@ global: imageRegistry: "" + # List of image pull secrets to use for pulling images from private registries + # This helps avoid rate limiting (429 errors) when pulling from Docker Hub + # Example: + # imagePullSecrets: + # - name: regcred + # - name: docker-hub-secret imagePullSecrets: [] storageClassName: "local-path" # Keep PVCs when uninstalling helm release to preserve data