Skip to content

Fix issue 314 - Helm chart does not support CA cert configuration #316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
davidcollom merged 2 commits into from
Jan 23, 2025
Merged

Fix issue 314 - Helm chart does not support CA cert configuration #316

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3f819cf
Fix issue 314 - Helm chart does not support CA cert configuration
Jan 23, 2025
695014c
Merge branch 'main' into issue/314
davidcollom Jan 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
/bin
coverage.out
.debug
2 changes: 2 additions & 0 deletions deploy/charts/version-checker/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ A Helm chart for version-checker
| ecr.sessionToken | string | `nil` | ECR session token for read access to private registries |
| env | object | `{}` | Can be used to provide custom environment variables e.g. proxy settings |
| existingSecret | string | `""` | Provide an existing Secret within the cluster to use for authentication and configuration of version-checker |
| extraVolumeMounts | list | `[]` | Allow for extra Volume Mounts to version-checkers container |
| extraVolumes | list | `[]` | Allow for extra Volumes to be associated to the pod |
| gcr.token | string | `nil` | Access token for read access to private GCR registries |
| ghcr.token | string | `nil` | Personal Access token for read access to GHCR releases |
| image.imagePullSecret | string | `nil` | Pull secrects - name of existing secret |
Expand Down
185 changes: 185 additions & 0 deletions deploy/charts/version-checker/templates/_pod_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,185 @@
{{- define "version-checker.pod.args" -}}
- "--image-cache-timeout={{.Values.versionChecker.imageCacheTimeout}}"
- "--log-level={{.Values.versionChecker.logLevel}}"
- "--metrics-serving-address={{.Values.versionChecker.metricsServingAddress}}"
- "--test-all-containers={{.Values.versionChecker.testAllContainers}}"
{{- end -}}

{{- define "version-checker.pod.envs.selfhosted" -}}
{{- $chartname := include "version-checker.name" . -}}
{{range $index, $element := .Values.selfhosted }}
# Selfhosted
{{- if $element.host }}
- name: VERSION_CHECKER_SELFHOSTED_HOST_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.host
{{- end -}}
{{- if $element.username }}
- name: VERSION_CHECKER_SELFHOSTED_USERNAME_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.username
{{- end -}}
{{- if $element.password }}
- name: VERSION_CHECKER_SELFHOSTED_PASSWORD_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.password
{{- end -}}
{{- if and (hasKey $element "token") $element.token }}
- name: VERSION_CHECKER_SELFHOSTED_TOKEN_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.token
{{- end -}}
{{- if and (hasKey $element "ca_path") $element.ca_path }}
- name: VERSION_CHECKER_SELFHOSTED_CA_PATH_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.ca_path
{{- end -}}
{{- if and (hasKey $element "insecure") $element.insecure }}
- name: VERSION_CHECKER_SELFHOSTED_INSECURE_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.insecure
{{- end -}}
{{- end }}
{{- end -}}

{{- define "version-checker.pod.envs.docker" -}}
{{- $chartname := include "version-checker.name" . -}}
{{- if .Values.docker.token }}
- name: VERSION_CHECKER_DOCKER_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: docker.token
{{- end }}
{{- if .Values.docker.username }}
- name: VERSION_CHECKER_DOCKER_USERNAME
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: docker.username
{{- end }}
{{- if .Values.docker.password }}
- name: VERSION_CHECKER_DOCKER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: docker.password
{{- end -}}
{{- end -}}

{{- define "version-checker.pod.envs.acr" -}}
{{- $chartname := include "version-checker.name" . -}}
{{- if .Values.acr.refreshToken }}
- name: VERSION_CHECKER_ACR_REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: acr.refreshToken
{{- end }}
{{- if .Values.acr.username }}
- name: VERSION_CHECKER_ACR_USERNAME
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: acr.username
{{- end }}
{{- if .Values.acr.password }}
- name: VERSION_CHECKER_ACR_PASSWORD
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: acr.password
{{- end }}
{{- end -}}

{{- define "version-checker.pod.envs.ecr" -}}
{{- $chartname := include "version-checker.name" . -}}
{{- if .Values.ecr.iamRoleArn }}
- name: VERSION_CHECKER_ECR_IAM_ROLE_ARN
value: {{ .Values.ecr.iamRoleArn }}
{{- end }}
{{- if .Values.ecr.accessKeyID }}
- name: VERSION_CHECKER_ECR_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ecr.accessKeyID
{{- end -}}
{{- if .Values.ecr.secretAccessKey }}
- name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ecr.secretAccessKey
{{- end }}
{{- if .Values.ecr.sessionToken }}
- name: VERSION_CHECKER_ECR_SESSION_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ecr.sessionToken
{{- end }}
{{- end -}}

{{- define "version-checker.pod.envs.quay" -}}
{{- $chartname := include "version-checker.name" . -}}
{{- if .Values.quay.token }}
- name: VERSION_CHECKER_QUAY_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: quay.token
{{- end -}}
{{- end -}}

{{- define "version-checker.pod.envs.ghcr" -}}
{{- $chartname := include "version-checker.name" . -}}
{{- if .Values.ghcr.token }}
# GHCR
- name: VERSION_CHECKER_GHCR_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ghcr.token
{{- end -}}
{{- end -}}

{{- define "version-checker.pod.envs.gcr" -}}
{{- $chartname := include "version-checker.name" . -}}
{{- if .Values.gcr.token }}
# GCR
- name: VERSION_CHECKER_GCR_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: gcr.token
{{- end -}}
{{- end -}}


{{- define "version-checker.pod.volumes" -}}
{{- $secretEnabled := false -}}
{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) -}}
{{- $secretEnabled = true -}}
{{- end -}}
{{- if $secretEnabled -}}
- name: {{ include "version-checker.name" . }}
secret:
secretName: {{ include "version-checker.name" . }}
{{- end }}
{{- if and .Values.extraVolumes (gt (len .Values.extraVolumes) 0) }}
{{ toYaml .Values.extraVolumes -}}
{{- end -}}
{{- end -}}
155 changes: 15 additions & 140 deletions deploy/charts/version-checker/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,3 @@
{{- $secretEnabled := false }}
{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
{{- $secretEnabled = true }}
{{- end }}
{{ $chartname := include "version-checker.name" . }}
apiVersion: apps/v1
kind: Deployment
Expand Down Expand Up @@ -48,10 +44,7 @@ spec:
containerPort: 8080
command: ["version-checker"]
args:
- "--image-cache-timeout={{.Values.versionChecker.imageCacheTimeout}}"
- "--log-level={{.Values.versionChecker.logLevel}}"
- "--metrics-serving-address={{.Values.versionChecker.metricsServingAddress}}"
- "--test-all-containers={{.Values.versionChecker.testAllContainers}}"
{{- include "version-checker.pod.args" . | nindent 8 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.securityContext }}
Expand All @@ -72,145 +65,27 @@ spec:
name: {{.Values.existingSecret}}
{{- end }}
env:
{{- if .Values.acr.refreshToken }}
# ACR
- name: VERSION_CHECKER_ACR_REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: acr.refreshToken
{{- end }}
{{- if .Values.acr.username }}
- name: VERSION_CHECKER_ACR_USERNAME
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: acr.username
{{- end }}
{{- if .Values.acr.password }}
- name: VERSION_CHECKER_ACR_PASSWORD
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: acr.password
{{- end -}}

{{- if .Values.ecr.iamRoleArn }}
# ECR
- name: VERSION_CHECKER_ECR_IAM_ROLE_ARN
value: {{ .Values.ecr.iamRoleArn }}
{{- end }}
{{- if .Values.ecr.accessKeyID }}
- name: VERSION_CHECKER_ECR_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ecr.accessKeyID
{{- end -}}
{{- if .Values.ecr.secretAccessKey }}
- name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ecr.secretAccessKey
{{- end }}
{{- if .Values.ecr.sessionToken }}
- name: VERSION_CHECKER_ECR_SESSION_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ecr.sessionToken
{{- end -}}
{{- if .Values.docker.token }}
# Docker
- name: VERSION_CHECKER_DOCKER_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: docker.token
{{- end }}
{{- if .Values.docker.username }}
- name: VERSION_CHECKER_DOCKER_USERNAME
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: docker.username
{{- end }}
{{- if .Values.docker.password }}
- name: VERSION_CHECKER_DOCKER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: docker.password
{{- end -}}
{{- if .Values.gcr.token }}
# GCR
- name: VERSION_CHECKER_GCR_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: gcr.token
{{- end -}}
{{- if .Values.ghcr.token }}
# GHCR
- name: VERSION_CHECKER_GHCR_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: ghcr.token
{{- end -}}
{{- if .Values.quay.token }}
# Quay
- name: VERSION_CHECKER_QUAY_TOKEN
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: quay.token
{{- end -}}
{{range $index, $element := .Values.selfhosted }}
# Selfhosted
{{- if $element.host }}
- name: VERSION_CHECKER_SELFHOSTED_HOST_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.host
{{- end -}}
{{- if $element.username }}
- name: VERSION_CHECKER_SELFHOSTED_USERNAME_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.username
{{- end -}}
{{- if $element.password }}
- name: VERSION_CHECKER_SELFHOSTED_PASSWORD_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.password
{{- end -}}
{{- if $element.token }}
- name: VERSION_CHECKER_SELFHOSTED_TOKEN_{{ $element.name }}
valueFrom:
secretKeyRef:
name: {{ $chartname }}
key: selfhosted.{{ $element.name }}.token
{{- end -}}
{{- end -}}
{{ include "version-checker.pod.envs.acr" . | nindent 8 }}
{{ include "version-checker.pod.envs.ecr" . | nindent 8 }}
{{ include "version-checker.pod.envs.docker" . | nindent 6 }}
{{- include "version-checker.pod.envs.gcr" . | nindent 8 }}
{{- include "version-checker.pod.envs.ghcr" . | nindent 8 }}
{{- include "version-checker.pod.envs.quay" . | nindent 8 }}
{{- include "version-checker.pod.envs.selfhosted" . | nindent 6 }}
# Extra Envs
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 8 }}
{{- end -}}
{{- end }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if $secretEnabled }}
- name: {{ include "version-checker.name" . }}
secret:
secretName: {{ include "version-checker.name" . }}
{{ end }}
{{- include "version-checker.pod.volumes" . | nindent 8 }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
Expand Down
Loading
Loading