Implement registry/repository split and global overrides

Fixes opencloud-eu#11, Fixes opencloud-eu#38

This commit implements the ability to split image configuration into
registry and repository components, and adds global overrides for all
images in the chart.

Changes:
- Add global.image.registry and global.image.pullPolicy overrides
- Split all image configurations into registry + repository
- Add helper templates for image rendering with overrides
- Update all deployment templates to use new helpers
- Add MinIO image configuration (was hardcoded before)
- Consolidate web extensions to use common image settings

Benefits:
- Easy configuration for private registries/mirrors
- Single setting to redirect all images
- Support for air-gapped environments
- Maintains backward compatibility

Example usage:
  helm install opencloud ./charts/opencloud \\
    --set global.image.registry=my-registry.com

Documentation:
- Added section in README about private registry support
- Updated configuration tables with new parameters
- Added examples for common use cases

Note: This feature is only implemented in the production chart.
The development chart remains unchanged due to its simpler structure.

Author: michaelstingl

README.md

@@ -108,6 +108,24 @@ helm install opencloud ./charts/opencloud-dev \
 
 [View Development Chart Documentation](./charts/opencloud-dev/README.md)
 
+## 🔒 Private Registry Support
+
+The **production chart** (`charts/opencloud`) supports using private container registries for all images. This is useful for:
+- Air-gapped environments  
+- Corporate registry mirrors
+- Pull-through caches
+
+Simply use the global override:
+```bash
+helm install opencloud ./charts/opencloud \
+  --set global.image.registry=my-registry.com \
+  --set global.image.pullPolicy=Always
+```
+
+See the [production chart documentation](./charts/opencloud/README.md#using-private-registries) for detailed configuration.
+
+**Note:** This feature is currently only available in the production chart.
+
 ## Architecture
 
 The production chart (`charts/opencloud`) deploys the following components:

charts/opencloud/README.md

@@ -191,6 +191,25 @@ Key interactions:
 
 The following table lists the configurable parameters of the OpenCloud chart and their default values.
 
+### Using Private Registries
+
+The chart supports using private container registries through global overrides. This is useful for:
+- Air-gapped environments
+- Corporate registry mirrors
+- Pull-through caches
+
+To use a private registry for all images:
+
+```bash
+helm install opencloud ./charts/opencloud \
+  --set global.image.registry=my-registry.com \
+  --set global.image.pullPolicy=Always
+```
+
+This will prepend `my-registry.com/` to all image references in the chart. For example:
+- `keycloak/keycloak:26.1.4` becomes `my-registry.com/keycloak/keycloak:26.1.4`
+- `opencloudeu/opencloud-rolling:latest` becomes `my-registry.com/opencloudeu/opencloud-rolling:latest`
+
 ### Global Settings
 
 | Parameter | Description | Default |
@@ -205,11 +224,14 @@ The following table lists the configurable parameters of the OpenCloud chart and
 | `global.tls.enabled` | Enable TLS (set to false when using gateway TLS termination externally) | `false` |
 | `global.tls.secretName` | secretName for TLS certificate | `""` |
 | `global.storage.storageClass` | Storage class for persistent volumes | `""` |
+| `global.image.registry` | Global registry override for all images (e.g., `my-registry.com`) | `""` |
+| `global.image.pullPolicy` | Global pull policy override for all images (`Always`, `IfNotPresent`, `Never`) | `""` |
 
 ### Image Settings
 
 | Parameter | Description | Default |
 | --------- | ----------- | ------- |
+| `image.registry` | OpenCloud image registry | `docker.io` |
 | `image.repository` | OpenCloud image repository | `opencloudeu/opencloud-rolling` |
 | `image.tag` | OpenCloud image tag | `latest` |
 | `image.pullPolicy` | Image pull policy | `IfNotPresent` |

charts/opencloud/templates/_helpers/tpl.yaml

@@ -148,6 +148,48 @@ Create a fully qualified Tika name.
 
 {{/* namespace helper removed - use .Release.Namespace directly */}}
 
+{{/*
+Return the image registry, using global override if set
+*/}}
+{{- define "opencloud.image.registry" -}}
+{{- $registry := .registry -}}
+{{- if .global -}}
+{{- if .global.image -}}
+{{- if .global.image.registry -}}
+{{- $registry = .global.image.registry -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $registry -}}
+{{- end -}}
+
+{{/*
+Return the image pull policy, using global override if set
+*/}}
+{{- define "opencloud.image.pullPolicy" -}}
+{{- $pullPolicy := .pullPolicy -}}
+{{- if .global -}}
+{{- if .global.image -}}
+{{- if .global.image.pullPolicy -}}
+{{- $pullPolicy = .global.image.pullPolicy -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $pullPolicy -}}
+{{- end -}}
+
+{{/*
+Return the full image name with registry
+*/}}
+{{- define "opencloud.image" -}}
+{{- $registry := include "opencloud.image.registry" (dict "registry" .imageValues.registry "global" .global) -}}
+{{- if $registry -}}
+{{- printf "%s/%s:%s" $registry .imageValues.repository .imageValues.tag -}}
+{{- else -}}
+{{- printf "%s:%s" .imageValues.repository .imageValues.tag -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return the appropriate apiVersion for ingress
 */}}

charts/opencloud/templates/collabora/deployment.yaml

@@ -20,8 +20,8 @@ spec:
     spec:
       containers:
         - name: collabora
-          image: {{ .Values.collabora.image.repository }}:{{ .Values.collabora.image.tag }}
-          imagePullPolicy: {{ .Values.collabora.image.pullPolicy | default "IfNotPresent" }}
+          image: {{ include "opencloud.image" (dict "imageValues" .Values.collabora.image "global" .Values.global) | quote }}
+          imagePullPolicy: {{ include "opencloud.image.pullPolicy" (dict "pullPolicy" .Values.collabora.image.pullPolicy "global" .Values.global) }}
           command: ['/bin/bash', '-c']
           args:
             - 'coolconfig generate-proof-key && /start-collabora-online.sh'

charts/opencloud/templates/collaboration/deployment.yaml

@@ -53,8 +53,8 @@ spec:
         {{- end }}
       containers:
         - name: collaboration
-          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ include "opencloud.image" (dict "imageValues" .Values.image "global" .Values.global) | quote }}
+          imagePullPolicy: {{ include "opencloud.image.pullPolicy" (dict "pullPolicy" .Values.image.pullPolicy "global" .Values.global) }}
           command: ["/bin/sh"]
           args: ["-c", "opencloud collaboration server"]
           env:

charts/opencloud/templates/keycloak/deployment.yaml

@@ -24,8 +24,8 @@ spec:
         fsGroup: 1000
       containers:
         - name: keycloak
-          image: {{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }}
-          imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }}
+          image: {{ include "opencloud.image" (dict "imageValues" .Values.keycloak.image "global" .Values.global) | quote }}
+          imagePullPolicy: {{ include "opencloud.image.pullPolicy" (dict "pullPolicy" .Values.keycloak.image.pullPolicy "global" .Values.global) }}
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:

charts/opencloud/templates/minio/deployment.yaml

@@ -37,7 +37,8 @@ spec:
               mountPath: /data
       containers:
         - name: minio
-          image: minio/minio:latest
+          image: {{ include "opencloud.image" (dict "imageValues" .Values.opencloud.storage.s3.internal.image "global" .Values.global) | quote }}
+          imagePullPolicy: {{ include "opencloud.image.pullPolicy" (dict "pullPolicy" .Values.opencloud.storage.s3.internal.image.pullPolicy "global" .Values.global) }}
           securityContext:
             runAsUser: 1000
             runAsGroup: 1000

charts/opencloud/templates/onlyoffice/deployment.yaml

@@ -20,8 +20,8 @@ spec:
     spec:
       containers:
         - name: onlyoffice
-          image: {{ .Values.onlyoffice.repository }}:{{ .Values.onlyoffice.tag | default "8.2.2" }}
-          imagePullPolicy: {{ .Values.onlyoffice.pullPolicy | default "IfNotPresent" }}
+          image: {{ include "opencloud.image" (dict "imageValues" .Values.onlyoffice.image "global" .Values.global) | quote }}
+          imagePullPolicy: {{ include "opencloud.image.pullPolicy" (dict "pullPolicy" .Values.onlyoffice.image.pullPolicy "global" .Values.global) }}
           command: ["/bin/sh", "/entrypoint-override.sh"]
           env:
             - name: WOPI_ENABLED

charts/opencloud/templates/opencloud/deployment.yaml

@@ -46,47 +46,47 @@ spec:
         # Web extensions init containers
         {{- if .Values.webExtensions.extensions.drawio.enabled }}
         - name: init-drawio
-          image: {{ .Values.webExtensions.extensions.drawio.repository }}:{{ .Values.webExtensions.extensions.drawio.tag }}
+          image: {{ include "opencloud.image" (dict "imageValues" (merge (dict "tag" .Values.webExtensions.extensions.drawio.tag) .Values.webExtensions.image) "global" .Values.global) | quote }}
           command: ['sh', '-c', 'mkdir -p /extensions/draw-io && cp -R /usr/share/nginx/html/draw-io/ /extensions/']
           volumeMounts:
             - name: extensions
               mountPath: /extensions
         {{- end }}
         {{- if .Values.webExtensions.extensions.externalsites.enabled }}
         - name: init-externalsites
-          image: {{ .Values.webExtensions.extensions.externalsites.repository }}:{{ .Values.webExtensions.extensions.externalsites.tag }}
+          image: {{ include "opencloud.image" (dict "imageValues" (merge (dict "tag" .Values.webExtensions.extensions.externalsites.tag) .Values.webExtensions.image) "global" .Values.global) | quote }}
           command: ['sh', '-c', 'mkdir -p /extensions/external-sites && cp -R /usr/share/nginx/html/external-sites/ /extensions/']
           volumeMounts:
             - name: extensions
               mountPath: /extensions
         {{- end }}
         {{- if .Values.webExtensions.extensions.importer.enabled }}
         - name: init-importer
-          image: {{ .Values.webExtensions.extensions.importer.repository }}:{{ .Values.webExtensions.extensions.importer.tag }}
+          image: {{ include "opencloud.image" (dict "imageValues" (merge (dict "tag" .Values.webExtensions.extensions.importer.tag) .Values.webExtensions.image) "global" .Values.global) | quote }}
           command: ['sh', '-c', 'mkdir -p /extensions/importer && cp -R /usr/share/nginx/html/importer/ /extensions/']
           volumeMounts:
             - name: extensions
               mountPath: /extensions
         {{- end }}
         {{- if .Values.webExtensions.extensions.jsonviewer.enabled }}
         - name: init-jsonviewer
-          image: {{ .Values.webExtensions.extensions.jsonviewer.repository }}:{{ .Values.webExtensions.extensions.jsonviewer.tag }}
+          image: {{ include "opencloud.image" (dict "imageValues" (merge (dict "tag" .Values.webExtensions.extensions.jsonviewer.tag) .Values.webExtensions.image) "global" .Values.global) | quote }}
           command: ['sh', '-c', 'mkdir -p /extensions/json-viewer && cp -R /usr/share/nginx/html/json-viewer/ /extensions/']
           volumeMounts:
             - name: extensions
               mountPath: /extensions
         {{- end }}
         {{- if .Values.webExtensions.extensions.progressbars.enabled }}
         - name: init-progressbars
-          image: {{ .Values.webExtensions.extensions.progressbars.repository }}:{{ .Values.webExtensions.extensions.progressbars.tag }}
+          image: {{ include "opencloud.image" (dict "imageValues" (merge (dict "tag" .Values.webExtensions.extensions.progressbars.tag) .Values.webExtensions.image) "global" .Values.global) | quote }}
           command: ['sh', '-c', 'mkdir -p /extensions/progress-bars && cp -R /usr/share/nginx/html/progress-bars/ /extensions/']
           volumeMounts:
             - name: extensions
               mountPath: /extensions
         {{- end }}
         {{- if .Values.webExtensions.extensions.unzip.enabled }}
         - name: init-unzip
-          image: {{ .Values.webExtensions.extensions.unzip.repository }}:{{ .Values.webExtensions.extensions.unzip.tag }}
+          image: {{ include "opencloud.image" (dict "imageValues" (merge (dict "tag" .Values.webExtensions.extensions.unzip.tag) .Values.webExtensions.image) "global" .Values.global) | quote }}
           command: ['sh', '-c', 'mkdir -p /extensions/unzip && cp -R /usr/share/nginx/html/unzip/ /extensions/']
           volumeMounts:
             - name: extensions
@@ -106,7 +106,7 @@ spec:
         {{- end }}
       containers:
         - name: opencloud
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: {{ include "opencloud.image" (dict "imageValues" .Values.image "global" .Values.global) | quote }}
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -115,7 +115,7 @@ spec:
             runAsNonRoot: true
             seccompProfile:
               type: RuntimeDefault
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          imagePullPolicy: {{ include "opencloud.image.pullPolicy" (dict "pullPolicy" .Values.image.pullPolicy "global" .Values.global) }}
           command: ["/bin/sh"]
           args: ["-c", "opencloud init || true; opencloud server"]
           {{- with .Values.opencloud.envFrom }}

charts/opencloud/templates/postgres/deployment.yaml

@@ -24,8 +24,8 @@ spec:
         fsGroup: 999  # Default PostgreSQL group ID
       containers:
         - name: postgres
-          image: {{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}
-          imagePullPolicy: {{ .Values.postgres.image.pullPolicy }}
+          image: {{ include "opencloud.image" (dict "imageValues" .Values.postgres.image "global" .Values.global) | quote }}
+          imagePullPolicy: {{ include "opencloud.image.pullPolicy" (dict "pullPolicy" .Values.postgres.image.pullPolicy "global" .Values.global) }}
           env:
             - name: POSTGRES_DB
               value: {{ .Values.postgres.database | quote }}