Skip to content

Commit

Permalink
Add option for docker imagepull secrets
Browse files Browse the repository at this point in the history
In larger production environments, we may get rate-limited by Docker Hub for a lot of image pulls.
So, I've added an option for providing the Docker pull secret name to avoid rate limits.

Signed-off-by: Jana [email protected]
  • Loading branch information
janavenkat committed Jul 15, 2024
1 parent a5f584c commit 964e27b
Show file tree
Hide file tree
Showing 5 changed files with 33 additions and 1 deletion.
4 changes: 4 additions & 0 deletions deployments/helm/KubeArmor/templates/daemonset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ spec:
labels:
kubearmor-app: kubearmor
spec:
{{- if .Values.kubearmor.image.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.kubearmor.image.imagePullSecrets | indent 6 }}
{{- end }}
containers:
- args:
- -gRPC=32767
Expand Down
12 changes: 12 additions & 0 deletions deployments/helm/KubeArmor/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,10 @@ spec:
labels:
kubearmor-app: kubearmor-relay
spec:
{{- if .Values.kubearmorRelay.image.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.kubearmorRelay.image.imagePullSecrets | indent 6 }}
{{- end }}
containers:
- args:
{{printf "- -tlsEnabled=%t" .Values.tls.enabled}}
Expand Down Expand Up @@ -79,6 +83,10 @@ spec:
- /manager
image: {{printf "%s:%s" .Values.kubearmorController.image.repository .Values.kubearmorController.image.tag}}
imagePullPolicy: {{ .Values.kubearmorController.imagePullPolicy }}
{{- if .Values.kubearmorController.image.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.kubearmorController.image.imagePullSecrets | indent 8 }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
Expand Down Expand Up @@ -117,6 +125,10 @@ spec:
- --logtostderr=true
- --v=0
image: {{printf "%s:%s" .Values.kubeRbacProxy.image.repository .Values.kubeRbacProxy.image.tag}}
{{- if .Values.kubeRbacProxy.image.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.kubeRbacProxy.image.imagePullSecrets | indent 8 }}
{{- end }}
name: kube-rbac-proxy
ports:
- containerPort: 8443
Expand Down
12 changes: 11 additions & 1 deletion deployments/helm/KubeArmor/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,11 @@ kubearmorRelay:
repository: kubearmor/kubearmor-relay-server
# kubearmor-init image tag
tag: latest
# Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production.
imagePullSecrets: ""
# kubearmor-init imagePullPolicy
imagePullPolicy: Always

# Add environment variables for STDOUT logging
enableStdoutLogs: "false"
enableStdoutAlerts: "false"
Expand Down Expand Up @@ -62,6 +65,8 @@ kubearmorInit:
repository: kubearmor/kubearmor-init
# kubearmor-init image tag
tag: stable
# Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production.
imagePullSecrets: ""
# kubearmor-init imagePullPolicy
imagePullPolicy: Always

Expand All @@ -71,6 +76,8 @@ kubeRbacProxy:
repository: gcr.io/kubebuilder/kube-rbac-proxy
# kube-rbac-proxy image tag
tag: v0.15.0
# Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production.
imagePullSecrets: ""
# kube-rbac-proxy imagePullPolicy
imagePullPolicy: Always

Expand All @@ -83,6 +90,8 @@ kubearmorController:
repository: kubearmor/kubearmor-controller
# kubearmor-controller image tag
tag: latest
# Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production.
imagePullSecrets: ""
mutation:
# kubearmor-controller failure policy
failurePolicy: Ignore
Expand All @@ -102,7 +111,8 @@ kubearmor:
repository: kubearmor/kubearmor
# kubearmor daemonset image tag
tag: stable

# Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production.
imagePullSecrets: ""
# kubearmor daemonset imagePullPolicy
imagePullPolicy: Always

Expand Down
4 changes: 4 additions & 0 deletions deployments/helm/KubeArmorOperator/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ spec:
labels:
kubearmor-app: {{ .Values.kubearmorOperator.name }}
spec:
{{- if .Values.kubearmorOperator.image.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.kubearmorOperator.image.imagePullSecrets | indent 6 }}
{{- end }}
containers:
- name: {{ .Values.kubearmorOperator.name }}
env:
Expand Down
2 changes: 2 additions & 0 deletions deployments/helm/KubeArmorOperator/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ kubearmorOperator:
repository: kubearmor/kubearmor-operator
tag: ""
imagePullPolicy: IfNotPresent
# Optional, but if there are a lot of image pulls required, Docker might be rate-limited. So, it's good to add pull secrets for production.
imagePullSecrets: ""

kubearmorConfig:
defaultCapabilitiesPosture: audit
Expand Down

0 comments on commit 964e27b

Please sign in to comment.