feat: adding imagepull secret to helm chart #76
Conversation
coillteoir
requested review from
Andreea-Lupu,
andaaron and
rchincha
as code owners
|
This PR is still a work in progress, any guidance around how zots credentials are generated and managed in the chart, and how they can be placed into the secret would be much appreciated. Once thats done, I can look into creating a test job for this. |
Are you planning to use the htpasswd binary to do this? |
I'm unsure about the implementation details just yet, I'll probably use a job to create the secret at install time. Similar to https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/templates/redis-secret-init/job.yamlhttps://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/templates/redis-secret-init/job.yaml |
There was a problem hiding this comment.
Pull request overview
This PR adds support for auto-generating an image pull secret in the zot Helm chart. The feature is controlled by a new configuration option imagePullSecret.enable in values.yaml and creates a Kubernetes secret of type kubernetes.io/dockerconfigjson when enabled.
Key changes:
- Added
imagePullSecret.enableconfiguration in values.yaml (defaulting to true) - Created new template
imagepullsecret.yamlto generate the image pull secret - Bumped chart version from 0.1.81 to 0.1.82
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| charts/zot/values.yaml | Added configuration for enabling image pull secret feature |
| charts/zot/templates/imagepullsecret.yaml | New template to create kubernetes.io/dockerconfigjson secret |
| charts/zot/Chart.yaml | Version bump to 0.1.82 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
| kind: Secret | ||
| metadata: | ||
| name: {{ .Release.Name }}-image-pull-secret | ||
| namespace: {{ .Values.namespace | default .Release.namespace }} |
There was a problem hiding this comment.
Incorrect capitalization of '.Release.namespace'. Should be '.Release.Namespace' (capital N). This will cause a template error as the lowercase version doesn't exist in Helm.
| namespace: {{ .Values.namespace | default .Release.namespace }} | |
| namespace: {{ .Values.namespace | default .Release.Namespace }} |
| namespace: {{ .Values.namespace | default .Release.namespace }} | ||
| data: | ||
| .dockerconfigjson: | ||
| {{ .Values.secretFiles.htpasswd | b64enc }} |
There was a problem hiding this comment.
The data in .dockerconfigjson must be a valid Docker config JSON format (e.g., '{"auths":{"registry.example.com":{"username":"user","password":"pass","auth":"base64-encoded-credentials"}}}'), not an htpasswd file. The htpasswd format is for HTTP basic authentication and is incompatible with Kubernetes image pull secrets. Consider creating a proper Docker config JSON structure or documenting how users should provide the correct format.
| {{ .Values.secretFiles.htpasswd | b64enc }} | |
| {{ .Values.secretFiles.dockerconfigjson | b64enc }} |
2 participants
What type of PR is this?
Feature
What does this PR do / Why do we need it:
It will auto generate the image pull secret for the installed zot registry.
Testing done on this change:
Automation added to e2e:
Will this break upgrades or downgrades?
Does this PR introduce any user-facing change?:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.