From ff11deec6a2551afd7346453f0b1106f4f115413 Mon Sep 17 00:00:00 2001 From: Chuck D'Antonio Date: Mon, 18 Aug 2025 16:41:24 -0400 Subject: [PATCH 1/2] Documents helper for image pull secrets Addressing a question @grantmiller asked about whether we recommend using a Helper or not for image pull secrets. --- docs/vendor/helm-image-registry.mdx | 55 +++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 7 deletions(-) diff --git a/docs/vendor/helm-image-registry.mdx b/docs/vendor/helm-image-registry.mdx index 09a1b5323a..5b63e2f139 100644 --- a/docs/vendor/helm-image-registry.mdx +++ b/docs/vendor/helm-image-registry.mdx @@ -46,8 +46,52 @@ To configure your application to use the proxy registry with Helm CLI installati .dockerconfigjson: {{ .Values.global.replicated.dockerconfigjson }} {{ end }} ``` - -1. Add the image pull secret that you created to any manifests that reference the image. +1. Add a Helm helper for the image pull secret to your `_helper.tpl`. This code will use your secret but allow your customer to override it for situations, like an airgapped installation, where they have moved the image to another regitsry: + +```yam1 +{{/* +Image pull secrets +*/}} +{{- define "replicated.imagePullSecrets" -}} + {{- $pullSecrets := list }} + + {{- with ((.Values.global).imagePullSecrets) -}} + {{- range . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} + {{- end -}} + {{- end -}} + + {{/* use image pull secrets provided as values */}} + {{- with .Values.images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{/* use secret created with injected docker config */}} + {{- if hasKey ((.Values.global).replicated) "dockerconfigjson" }} + {{- $pullSecrets = append $pullSecrets "replicated-pull-secret" -}} + {{- end -}} + + + {{- if (not (empty $pullSecrets)) -}} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} +``` + +1. Use your helper in any manifests that reference the image. **Example:** @@ -59,11 +103,8 @@ To configure your application to use the proxy registry with Helm CLI installati - name: api # Access the registry, repository, and tag fields from the values file image: {{ .Values.images.api.registry }}/{{ .Values.images.api.repository }}:{{ .Values.images.api.tag }} - # Add the pull secret - {{ if .Values.global.replicated.dockerconfigjson }} - imagePullSecrets: - - name: replicated-pull-secret - {{ end }} + # Add the pull secret with your helper + {{- include "replicated.imagePullSecrets" . | nindent 6 }} ``` 1. Package your Helm chart and add it to a release. Promote the release to a development channel. See [Managing Releases with Vendor Portal](releases-creating-releases). From ddd34f0bb0c9d63aff93fc268d6a8859835f7471 Mon Sep 17 00:00:00 2001 From: Paige Calvert Date: Tue, 19 Aug 2025 12:32:36 -0600 Subject: [PATCH 2/2] docs edits --- docs/vendor/helm-image-registry.mdx | 84 ++++++++++++++--------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/docs/vendor/helm-image-registry.mdx b/docs/vendor/helm-image-registry.mdx index 5b63e2f139..04e7751b90 100644 --- a/docs/vendor/helm-image-registry.mdx +++ b/docs/vendor/helm-image-registry.mdx @@ -46,50 +46,50 @@ To configure your application to use the proxy registry with Helm CLI installati .dockerconfigjson: {{ .Values.global.replicated.dockerconfigjson }} {{ end }} ``` -1. Add a Helm helper for the image pull secret to your `_helper.tpl`. This code will use your secret but allow your customer to override it for situations, like an airgapped installation, where they have moved the image to another regitsry: - -```yam1 -{{/* -Image pull secrets -*/}} -{{- define "replicated.imagePullSecrets" -}} - {{- $pullSecrets := list }} - - {{- with ((.Values.global).imagePullSecrets) -}} - {{- range . -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} - {{- end -}} - - {{/* use image pull secrets provided as values */}} - {{- with .Values.images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} +1. In your `_helper.tpl`, add a Helm helper for the image pull secret. This helper creates an `imagePullSecrets` value that lists both the Replicated pull secret that you created (if present) as well as any global or chart-level pull secrets provided by your customers. This supports use cases where customers need to provide additional pull secrets, such as in air gap installations where images are pushed to a private regitsry in the air-gapped environment. + + ```yam1 + {{/* + Image pull secrets + */}} + {{- define "replicated.imagePullSecrets" -}} + {{- $pullSecrets := list }} + + {{- with ((.Values.global).imagePullSecrets) -}} + {{- range . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} + {{- end -}} + {{- end -}} + + {{/* use image pull secrets provided as values */}} + {{- with .Values.images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{/* use secret created with injected docker config */}} + {{- if hasKey ((.Values.global).replicated) "dockerconfigjson" }} + {{- $pullSecrets = append $pullSecrets "replicated-pull-secret" -}} {{- end -}} + + + {{- if (not (empty $pullSecrets)) -}} + imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} {{- end -}} - {{- end -}} - - {{/* use secret created with injected docker config */}} - {{- if hasKey ((.Values.global).replicated) "dockerconfigjson" }} - {{- $pullSecrets = append $pullSecrets "replicated-pull-secret" -}} - {{- end -}} - - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} -``` + ``` 1. Use your helper in any manifests that reference the image.