diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 304c2b765654ec1dc08dd4b9a7a02182e35ca2fe..9b9354508600dfbdc885e620f6fd364a99769e8a 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -54,9 +54,9 @@ branch: {{ .branch | quote }} {{- end -}} {{/* -Build the appropriate git credentials secret for private git repositories +Build the appropriate git credentials secret for BB wide git repositories */}} -{{- define "gitCreds" -}} +{{- define "gitCredsGlobal" -}} {{- if .Values.git.existingSecret -}} secretRef: name: {{ .Values.git.existingSecret }} @@ -67,6 +67,30 @@ secretRef: {{- end -}} {{- end -}} +{{/* +Build the appropriate git credentials secret for individual package and BB wide private git repositories +*/}} +{{- define "gitCredsExtended" -}} +{{- if .packageGitScope.existingSecret -}} +secretRef: + name: {{ .packageGitScope.existingSecret }} +{{- else if and (.packageGitScope.credentials) (coalesce .packageGitScope.credentials.username .packageGitScope.credentials.password .packageGitScope.credentials.caFile .packageGitScope.credentials.privateKey .packageGitScope.credentials.publicKey .packageGitScope.credentials.knownHosts "") -}} +{{- /* Input validation happens in git-credentials.yaml template */ -}} +secretRef: + name: {{ .releaseName }}-{{ .name }}-git-credentials +{{- else -}} +{{/* If no credentials are specified, use the global credentials in the rootScope */}} +{{- include "gitCredsGlobal" .rootScope }} +{{- end -}} +{{- end -}} + +{{/* +Pointer to the appropriate git credentials template +*/}} +{{- define "gitCreds" -}} +{{- include "gitCredsGlobal" . }} +{{- end -}} + {{/* Build common set of file extensions to include/exclude */}} 
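Review bot: The per-package secret name in `gitCredsExtended`, `{{ .releaseName }}-{{ .name }}-git-credentials`, is built from the raw package key, and several callers in this commit pass camelCase keys (`clusterAuditor`, `eckOperator`, `elasticsearchKibana`, `gitlabRunner`, `istioOperator`, `kyvernoPolicies`, `kyvernoReporter`). Kubernetes Secret names must be lowercase DNS subdomains, so for those packages both this `secretRef` and the Secret emitted by `gitCredsSecret` would carry a name the API server rejects as soon as per-package credentials are set. Normalising in both helpers keeps them in step, e.g. `name: {{ .releaseName }}-{{ .name | kebabcase }}-git-credentials` here and `name: {{ $releaseName }}-{{ $name | kebabcase }}-git-credentials` in `gitCredsSecret`.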
@@ -306,3 +330,57 @@ bigbang.dev/istioVersion: {{ .Values.istio.helmRepo.tag }}{{ if .Values.istio.en
 {{- printf "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----" $cert -}}
 {{- end -}}
 {{- end -}}
+
+{{- /*
+Returns the git credentails secret for the given scope and name
+*/ -}}
+{{- define "gitCredsSecret" -}}
+{{- $name := .name }}
+{{- $releaseName := .releaseName }}
+{{- $releaseNamespace := .releaseNamespace }}
+{{- with .targetScope -}}
+{{- if and (eq .sourceType "git") .enabled }}
+{{- if .git }}
+{{- with .git -}}
+{{- if not .existingSecret }}
+{{- if .credentials }}
+{{- if coalesce .credentials.username .credentials.password .credentials.caFile .credentials.privateKey .credentials.publicKey .credentials.knownHosts -}}
+{{- $http := coalesce .credentials.username .credentials.password .credentials.caFile "" }}
+{{- $ssh := coalesce .credentials.privateKey .credentials.publicKey .credentials.knownHosts "" }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $releaseName }}-{{ $name }}-git-credentials
+ namespace: {{ $releaseNamespace }}
+type: Opaque
+data:
+ {{- if $http }}
+ {{- if .credentials.caFile }}
+ caFile: {{ .credentials.caFile | b64enc }}
+ {{- end }}
+ {{- if and .credentials.username (not .credentials.password ) }}
+ {{- printf "%s - When using http git username, password must be specified" $name | fail }}
+ {{- end }}
+ {{- if and .credentials.password (not .credentials.username ) }}
+ {{- printf "%s - When using http git password, username must be specified" $name | fail }}
+ {{- end }}
+ {{- if and .credentials.username .credentials.password }}
+ username: {{ .credentials.username | b64enc }}
+ password: {{ .credentials.password | b64enc }}
+ {{- end }}
+ {{- else }}
+ {{- if not (and (and .credentials.privateKey .credentials.publicKey) .credentials.knownHosts) }}
+ {{- printf "%s - When using ssh git credentials, privateKey, publicKey, and knownHosts must all be specified" $name | fail }}
+ {{- end }}
+ identity: {{
.credentials.privateKey | b64enc }}
+ identity.pub: {{ .credentials.publicKey | b64enc }}
+ known_hosts: {{ .credentials.knownHosts | b64enc }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/anchore/git-credentials.yaml b/chart/templates/anchore/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0fadae2c24b8f91b73014788d9f317da95e2aa94
--- /dev/null
+++ b/chart/templates/anchore/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "anchore"
+ "targetScope" .Values.addons.anchore
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/anchore/gitrepository.yaml b/chart/templates/anchore/gitrepository.yaml
index 9a37f9922ecdcc5d87cc0c53d9f1f2e9468109a0..952453afd7f9d6af7e18c50010fa39355cbb6559 100644
--- a/chart/templates/anchore/gitrepository.yaml
+++ b/chart/templates/anchore/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.anchore.sourceType "git") .Values.addons.anchore.enabled }}
+{{- $gitCredsDict := dict
+ "name" "anchore"
+ "packageGitScope" .Values.addons.anchore.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -10,5 +16,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.anchore.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/argocd/git-credentials.yaml b/chart/templates/argocd/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7ec86325bdb9be1068464f88ed81dc11bc9d2f3e
--- /dev/null
+++ b/chart/templates/argocd/git-credentials.yaml
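Review bot: In `gitCredsSecret` the `{{- if $http }}` / `{{- else }}` split means that when a package sets any of `username`, `password` or `caFile` together with SSH fields, the `privateKey`/`publicKey`/`knownHosts` values are dropped without a message, and `$ssh` is assigned but never read. The other half-configured cases already `fail`, so this one should as well, e.g. `{{- if and $http $ssh }}{{- printf "%s - Specify either http or ssh git credentials, not both" $name | fail }}{{- end }}` placed before `apiVersion: v1`. Note also that `caFile` alone satisfies `$http`, so a Secret holding only a CA bundle is emitted and, through `gitCredsExtended`, replaces the global credentials for that package; a comment stating whether that is intended would help. Since the values are only base64-encoded into `data:`, the helper's header comment should point operators at `existingSecret` when they do not want credentials carried in chart values.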
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "argocd"
+ "targetScope" .Values.addons.argocd
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/argocd/gitrepository.yaml b/chart/templates/argocd/gitrepository.yaml
index 6437814b26545deb8f32c5ad0d832a86874a51a0..f447c20ab33a4f220d5f9ffee5ef871ea66f4976 100644
--- a/chart/templates/argocd/gitrepository.yaml
+++ b/chart/templates/argocd/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.argocd.sourceType "git") .Values.addons.argocd.enabled }}
+{{- $gitCredsDict := dict
+ "name" "argocd"
+ "packageGitScope" .Values.addons.argocd.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.argocd.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/authservice/git-credentials.yaml b/chart/templates/authservice/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..830777ca8c4cd74da2a54b7081545eebe618465a
--- /dev/null
+++ b/chart/templates/authservice/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "authservice"
+ "targetScope" .Values.addons.authservice
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/authservice/gitrepository.yaml b/chart/templates/authservice/gitrepository.yaml
index 902a3c75912dbaa52fb156614b8c0286d6df3524..c6665ace28684b1020df720b29b54f9b51e9bf09 100644
--- a/chart/templates/authservice/gitrepository.yaml
+++ b/chart/templates/authservice/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and .Values.istio.enabled (eq .Values.addons.authservice.sourceType "git") (or .Values.addons.authservice.enabled (and .Values.monitoring.enabled .Values.monitoring.sso.enabled) (and .Values.jaeger.enabled .Values.jaeger.sso.enabled) (and .Values.tempo.enabled .Values.tempo.sso.enabled)) }}
+{{- $gitCredsDict := dict
+ "name" "authservice"
+ "packageGitScope" .Values.addons.authservice.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.authservice.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/cluster-auditor/git-credentials.yaml b/chart/templates/cluster-auditor/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5132ce0f28f55e2590a92b5e79bd4db35a2c65f2
--- /dev/null
+++ b/chart/templates/cluster-auditor/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "clusterAuditor"
+ "targetScope" .Values.clusterAuditor
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/cluster-auditor/gitrepository.yaml b/chart/templates/cluster-auditor/gitrepository.yaml
index 733773a12a6693a68d42b78c6f803d096ba2616f..dec3272075b578008b34d14a9d7db3dff2bb69ce 100644
--- a/chart/templates/cluster-auditor/gitrepository.yaml
+++ b/chart/templates/cluster-auditor/gitrepository.yaml
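Review bot: The authservice GitRepository is rendered when authservice is enabled or pulled in by monitoring/jaeger/tempo SSO, but `gitCredsSecret` only emits the Secret under `and (eq .sourceType "git") .enabled`. With `addons.authservice.enabled` false, SSO on and `addons.authservice.git.credentials` set, `gitCredsExtended` would still point `secretRef` at the `<release>-authservice-git-credentials` name, which is never created, so the source would presumably fail to reconcile. The same gap applies to the eck-operator, gatekeeper, kyverno and haproxy sections, whose `if` conditions also differ from the helper's gate. The reverse holds too: the helper has no `offline` check, so the credentials Secret is still rendered when `.Values.offline` suppresses the GitRepository. Passing the already-evaluated render condition into `$gitCredsSecretDict` (for example an `"enabled"` key that the helper tests instead of `.enabled`) would keep the two in step.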
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.clusterAuditor.sourceType "git") (not .Values.offline) .Values.clusterAuditor.enabled }}
+{{- $gitCredsDict := dict
+ "name" "clusterAuditor"
+ "packageGitScope" .Values.clusterAuditor.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.clusterAuditor.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/eck-operator/git-credentials.yaml b/chart/templates/eck-operator/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..80f4afd4ebc0e5dc09099c3357373a1d1850639c
--- /dev/null
+++ b/chart/templates/eck-operator/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "eckOperator"
+ "targetScope" .Values.eckOperator
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/eck-operator/gitrepository.yaml b/chart/templates/eck-operator/gitrepository.yaml
index d0cf83811250500ac41660242542d986f0b7b050..5a4297bed0e1c2b55fa834c3bdc504499d79d99e 100644
--- a/chart/templates/eck-operator/gitrepository.yaml
+++ b/chart/templates/eck-operator/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.eckOperator.sourceType "git") (not .Values.offline) (or .Values.eckOperator.enabled .Values.elasticsearchKibana.enabled) }}
+{{- $gitCredsDict := dict
+ "name" "eckOperator"
+ "packageGitScope" .Values.eckOperator.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.eckOperator.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/elasticsearch-kibana/git-credentials.yaml b/chart/templates/elasticsearch-kibana/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d6da7ae5ecbe27f490d3b3d58cf5c3bf139f8f7b
--- /dev/null
+++ b/chart/templates/elasticsearch-kibana/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "elasticsearchKibana"
+ "targetScope" .Values.elasticsearchKibana
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/elasticsearch-kibana/gitrepository.yaml b/chart/templates/elasticsearch-kibana/gitrepository.yaml
index 774f9734e26d78c1987c02554e592cedb77a1e42..b9524d1ac965fc8059dbe2f0e928b2d61ce0bec6 100644
--- a/chart/templates/elasticsearch-kibana/gitrepository.yaml
+++ b/chart/templates/elasticsearch-kibana/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.elasticsearchKibana.sourceType "git") (not .Values.offline) ( .Values.elasticsearchKibana.enabled ) }}
+{{- $gitCredsDict := dict
+ "name" "elasticsearchKibana"
+ "packageGitScope" .Values.elasticsearchKibana.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.elasticsearchKibana.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/fluentbit/git-credentials.yaml b/chart/templates/fluentbit/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..98a6882c6de337b5c7bd03383704fb24b4cc2563
--- /dev/null
+++ b/chart/templates/fluentbit/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "fluentbit"
+ "targetScope" .Values.fluentbit
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/fluentbit/gitrepository.yaml b/chart/templates/fluentbit/gitrepository.yaml
index 2c18f3079c177d303ff91ddeb6889c6d690eeed6..092ee90cdbb1c6975cbdd7f2f3f4234b50287595 100644
--- a/chart/templates/fluentbit/gitrepository.yaml
+++ b/chart/templates/fluentbit/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.fluentbit.sourceType "git") (not .Values.offline) (.Values.fluentbit.enabled) }}
+{{- $gitCredsDict := dict
+ "name" "fluentbit"
+ "packageGitScope" .Values.fluentbit.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.fluentbit.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/fortify/git-credentials.yaml b/chart/templates/fortify/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..492fc5bb4946514ea46c402cfee93be1da493a62
--- /dev/null
+++ b/chart/templates/fortify/git-credentials.yaml
@@ -0,0 +1,8 @@
+{{- $pkg := "fortify" }}
+{{- $gitCredsSecretDict := dict
+ "name" $pkg
+ "targetScope" (get .Values.addons $pkg)
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/fortify/gitrepository.yaml b/chart/templates/fortify/gitrepository.yaml
index c4e5d87d65d705805b49eb9880af979acf438976..8d196c851135e79443f2df22cadfa51165b16e01 100644
--- a/chart/templates/fortify/gitrepository.yaml
+++ b/chart/templates/fortify/gitrepository.yaml
@@ -1,5 +1,11 @@
 {{- $pkg := "fortify" }}
 {{- if and (eq (get .Values.addons $pkg).sourceType "git") (not .Values.offline) (get .Values.addons $pkg).enabled }}
+{{- $gitCredsDict := dict
+ "name" $pkg
+ "packageGitScope" (get .Values.addons $pkg).git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -11,5 +17,5 @@ spec:
 ref:
 {{- include "validRef" (get .Values.addons $pkg).git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/gatekeeper/git-credentials.yaml b/chart/templates/gatekeeper/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..50cfaf54736584db955b484ca2f2c3bccb1ee7f1
--- /dev/null
+++ b/chart/templates/gatekeeper/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "gatekeeper"
+ "targetScope" .Values.gatekeeper
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/gatekeeper/gitrepository.yaml b/chart/templates/gatekeeper/gitrepository.yaml
index 1ad3493ad24f1ad0b27ad0e346f2df6dc3efacc0..6d1cd71ffe00dfc1c76f010500401388e10b3914 100644
--- a/chart/templates/gatekeeper/gitrepository.yaml
+++ b/chart/templates/gatekeeper/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.gatekeeper.sourceType "git") (not .Values.offline) (or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled) }}
+{{- $gitCredsDict := dict
+ "name" "gatekeeper"
+ "packageGitScope" .Values.gatekeeper.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.gatekeeper.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/gitlab-runner/git-credentials.yaml b/chart/templates/gitlab-runner/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c1544b6ac2921cdd50879feb946448be24b1d4d6
--- /dev/null
+++ b/chart/templates/gitlab-runner/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "gitlabRunner"
+ "targetScope" .Values.addons.gitlabRunner
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/gitlab-runner/gitrepository.yaml b/chart/templates/gitlab-runner/gitrepository.yaml
index 8827f7fb7d627c4d97dd6769e1aa5ff0cfebdb23..b4d82bc832a407a39b7a7e38e0bc4c5f9a96aebb 100644
--- a/chart/templates/gitlab-runner/gitrepository.yaml
+++ b/chart/templates/gitlab-runner/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.gitlabRunner.sourceType "git") (not .Values.offline) .Values.addons.gitlabRunner.enabled }}
+{{- $gitCredsDict := dict
+ "name" "gitlabRunner"
+ "packageGitScope" .Values.addons.gitlabRunner.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -10,5 +16,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.gitlabRunner.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/gitlab/git-credentials.yaml b/chart/templates/gitlab/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..31d031d66271b07fc2cb2cfe0ff86e6921bc3c6f
--- /dev/null
+++ b/chart/templates/gitlab/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "gitlab"
+ "targetScope" .Values.addons.gitlab
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/gitlab/gitrepository.yaml b/chart/templates/gitlab/gitrepository.yaml
index e87b60ecbd456a05b9c7bcc49c97f9e4702df6ad..d25655d98035f41e57d62b6ca5d489653a2ba883 100644
--- a/chart/templates/gitlab/gitrepository.yaml
+++ b/chart/templates/gitlab/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.gitlab.sourceType "git") (not .Values.offline) .Values.addons.gitlab.enabled }}
+{{- $gitCredsDict := dict
+ "name" "gitlab"
+ "packageGitScope" .Values.addons.gitlab.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -13,5 +19,5 @@ spec:
 url: {{ .Values.addons.gitlab.git.repo }}
 ref:
 {{- include "validRef" .Values.addons.gitlab.git | nindent 4 }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/grafana/git-credentials.yaml b/chart/templates/grafana/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..79b0f68385194cbba6268381e6cf9fd60cb08e96
--- /dev/null
+++ b/chart/templates/grafana/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "grafana"
+ "targetScope" .Values.grafana
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/grafana/gitrepository.yaml b/chart/templates/grafana/gitrepository.yaml
index 64480ebe2497aef1aa963025dc9ba38f8dd98a83..0b3851108cfe9de9e45dd0350061b76283e632dd 100644
--- a/chart/templates/grafana/gitrepository.yaml
+++ b/chart/templates/grafana/gitrepository.yaml
@@ -1,4 +1,10 @@ {{- if and (eq .Values.grafana.sourceType "git") (not .Values.offline) .Values.grafana.enabled }} +{{- $gitCredsDict := dict + "name" "grafana" + "packageGitScope" .Values.grafana.git + "rootScope" . + "releaseName" .Release.Name +}} apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: @@ -14,6 +20,6 @@ spec: ref: {{- include "validRef" .Values.grafana.git | nindent 4 }} {{ include "gitIgnore" . }} - {{- include "gitCreds" . | nindent 2 }} + {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }} {{- end }} diff --git a/chart/templates/haproxy/git-credentials.yaml b/chart/templates/haproxy/git-credentials.yaml new file mode 100644 index 0000000000000000000000000000000000000000..68862d042d22b960014ceee43656bc08387f9142 --- /dev/null +++ b/chart/templates/haproxy/git-credentials.yaml @@ -0,0 +1,7 @@ +{{- $gitCredsSecretDict := dict + "name" "haproxy" + "targetScope" .Values.addons.haproxy + "releaseName" .Release.Name + "releaseNamespace" .Release.Namespace +}} +{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}} diff --git a/chart/templates/haproxy/gitrepository.yaml b/chart/templates/haproxy/gitrepository.yaml index ff6f66d85fad259949bdc57a10f99b5f498748aa..3d035098790c22807553f208bff104afe945f417 100644 --- a/chart/templates/haproxy/gitrepository.yaml +++ b/chart/templates/haproxy/gitrepository.yaml @@ -1,5 +1,11 @@ {{- $monitoringInjection := dig "istio" "injection" "enabled" .Values.monitoring }} {{- if and .Values.istio.enabled .Values.monitoring.enabled .Values.monitoring.sso.enabled (eq $monitoringInjection "disabled") }} +{{- $gitCredsDict := dict + "name" "haproxy" + "packageGitScope" .Values.addons.haproxy.git + "rootScope" . + "releaseName" .Release.Name +}} apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: 
@@ -15,5 +21,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.haproxy.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/harbor/git-credentials.yaml b/chart/templates/harbor/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..02b4f08fa0d2630478a873fc47cd69fcab54b182
--- /dev/null
+++ b/chart/templates/harbor/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "harbor"
+ "targetScope" .Values.addons.harbor
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/harbor/gitrepository.yaml b/chart/templates/harbor/gitrepository.yaml
index 84f173dffb54f261da140d5c5ca4e2206de7ad07..c950b3724121f559628d1c5bb2979fa135b609be 100644
--- a/chart/templates/harbor/gitrepository.yaml
+++ b/chart/templates/harbor/gitrepository.yaml
@@ -1,5 +1,11 @@
 {{- $pkg := "harbor" }}
 {{- if and (eq (get .Values.addons $pkg).sourceType "git") (not .Values.offline) (get .Values.addons $pkg).enabled }}
+{{- $gitCredsDict := dict
+ "name" $pkg
+ "packageGitScope" (get .Values.addons $pkg).git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -11,5 +17,5 @@ spec:
 ref:
 {{- include "validRef" (get .Values.addons $pkg).git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/istio-operator/git-credentials.yaml b/chart/templates/istio-operator/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..aa53d5788a3126c671559c5e4cd396f1c664599a
--- /dev/null
+++ b/chart/templates/istio-operator/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "istioOperator"
+ "targetScope" .Values.istioOperator
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/istio-operator/gitrepository.yaml b/chart/templates/istio-operator/gitrepository.yaml
index 2fcd03283c9f22248dc86633884a8548aae2a183..94713ad47d51f7f08a011487020bce12f66d3cd2 100644
--- a/chart/templates/istio-operator/gitrepository.yaml
+++ b/chart/templates/istio-operator/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.istioOperator.sourceType "git") (not .Values.offline) .Values.istioOperator.enabled }}
+{{- $gitCredsDict := dict
+ "name" "istioOperator"
+ "packageGitScope" .Values.istioOperator.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.istioOperator.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/git-credentials.yaml b/chart/templates/istio/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c3fe2dd9a78414841a2ed7b98d14785877424c84
--- /dev/null
+++ b/chart/templates/istio/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "istio"
+ "targetScope" .Values.istio
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/istio/gitrepository.yaml b/chart/templates/istio/gitrepository.yaml
index 2bddba43ac433a5aa6a61d5c5c03b87658fd5e2f..7f61c8c3cf240ac629459f301ca8e3e96e436ecd 100644
--- a/chart/templates/istio/gitrepository.yaml
+++ b/chart/templates/istio/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.istio.sourceType "git") (not .Values.offline) .Values.istio.enabled }}
+{{- $gitCredsDict := dict
+ "name" "istio"
+ "packageGitScope" .Values.istio.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.istio.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/jaeger/git-credentials.yaml b/chart/templates/jaeger/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b1f69f0930bd377e1cc0af7af9bad526e69bebd5
--- /dev/null
+++ b/chart/templates/jaeger/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "jaeger"
+ "targetScope" .Values.jaeger
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/jaeger/gitrepository.yaml b/chart/templates/jaeger/gitrepository.yaml
index 9e04d3e42c1b0873962c10290bbc2a23fac18efd..5594e8e85ca63e6687f4425b896dcd7340f29745 100644
--- a/chart/templates/jaeger/gitrepository.yaml
+++ b/chart/templates/jaeger/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.jaeger.sourceType "git") (not .Values.offline) .Values.jaeger.enabled }}
+{{- $gitCredsDict := dict
+ "name" "jaeger"
+ "packageGitScope" .Values.jaeger.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.jaeger.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/keycloak/git-credentials.yaml b/chart/templates/keycloak/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9f0d87aacb828f02e777e51b668f82e600068a48
--- /dev/null
+++ b/chart/templates/keycloak/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "keycloak"
+ "targetScope" .Values.addons.keycloak
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/keycloak/gitrepository.yaml b/chart/templates/keycloak/gitrepository.yaml
index 822788afb7212bf02e40cec4f8911ae9f8778fb2..cc066c26d63fb948e5379b8682fb75a07c199a2d 100644
--- a/chart/templates/keycloak/gitrepository.yaml
+++ b/chart/templates/keycloak/gitrepository.yaml
@@ -1,5 +1,11 @@
 {{- if and (eq .Values.addons.keycloak.sourceType "git") (not .Values.offline) .Values.addons.keycloak.enabled }}
 {{ $name := "keycloak" }}
+{{- $gitCredsDict := dict
+ "name" $name
+ "packageGitScope" .Values.addons.keycloak.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 url: {{ .Values.addons.keycloak.git.repo }}
 ref:
 {{- include "validRef" .Values.addons.keycloak.git | nindent 4 }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/kiali/git-credentials.yaml b/chart/templates/kiali/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e50e8d3db22067ea2614a7acaee69b54eb6cdb21
--- /dev/null
+++ b/chart/templates/kiali/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "kiali"
+ "targetScope" .Values.kiali
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/kiali/gitrepository.yaml b/chart/templates/kiali/gitrepository.yaml
index 03625c59cf942b3b49d0410f787b74598b52f20a..5ec0d1cce967d1fd4093322ae8d35cc33d1db2a6 100644
--- a/chart/templates/kiali/gitrepository.yaml
+++ b/chart/templates/kiali/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.kiali.sourceType "git") (not .Values.offline) .Values.kiali.enabled }}
+{{- $gitCredsDict := dict
+ "name" "kiali"
+ "packageGitScope" .Values.kiali.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.kiali.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/kyverno-policies/git-credentials.yaml b/chart/templates/kyverno-policies/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6819b8f70ee6dee5393e59c1e93aaf876d0f0271
--- /dev/null
+++ b/chart/templates/kyverno-policies/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "kyvernoPolicies"
+ "targetScope" .Values.kyvernoPolicies
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/kyverno-policies/gitrepository.yaml b/chart/templates/kyverno-policies/gitrepository.yaml
index 7adfca9396e63fb922150091ac3c1afc6afa58b4..03daab4357a6adf8772e9b54d1b6ca2bbd17d3f5 100644
--- a/chart/templates/kyverno-policies/gitrepository.yaml
+++ b/chart/templates/kyverno-policies/gitrepository.yaml
@@ -1,5 +1,11 @@
 {{- $pkg := "kyvernoPolicies" }}
 {{- if and (eq (get .Values $pkg).sourceType "git") (get .Values $pkg).enabled }}
+{{- $gitCredsDict := dict
+ "name" $pkg
+ "packageGitScope" (get .Values $pkg).git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" (get .Values $pkg).git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/kyverno-reporter/git-credentials.yaml b/chart/templates/kyverno-reporter/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..17078d6d88d76076a192577e5329cda809deac09
--- /dev/null
+++ b/chart/templates/kyverno-reporter/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "kyvernoReporter"
+ "targetScope" .Values.kyvernoReporter
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/kyverno-reporter/gitrepository.yaml b/chart/templates/kyverno-reporter/gitrepository.yaml
index 8abd8cb64389512a95be21316a5a1694ce65c470..beb593724c1a86739e211fef9167131bcdad435b 100644
--- a/chart/templates/kyverno-reporter/gitrepository.yaml
+++ b/chart/templates/kyverno-reporter/gitrepository.yaml
@@ -1,5 +1,11 @@
 {{- $pkg := "kyvernoReporter" }}
 {{- if and (eq (get .Values $pkg).sourceType "git") (get .Values $pkg).enabled }}
+{{- $gitCredsDict := dict
+ "name" $pkg
+ "packageGitScope" (get .Values $pkg).git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" (get .Values $pkg).git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/kyverno/git-credentials.yaml b/chart/templates/kyverno/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..94812499245ff4888fe3a5f725e6913b3c0b7466
--- /dev/null
+++ b/chart/templates/kyverno/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "kyverno"
+ "targetScope" .Values.kyverno
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/kyverno/gitrepository.yaml b/chart/templates/kyverno/gitrepository.yaml
index d548390fb468ae954acfc2799c47031df15d7a6a..2f34acd15935f0658b24fd18d7cc5cf87892f53e 100644
--- a/chart/templates/kyverno/gitrepository.yaml
+++ b/chart/templates/kyverno/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.kyverno.sourceType "git") (not .Values.offline) (or .Values.kyverno.enabled .Values.kyvernoPolicies.enabled .Values.kyvernoReporter.enabled) }}
+{{- $gitCredsDict := dict
+ "name" "kyverno"
+ "packageGitScope" .Values.kyverno.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.kyverno.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/loki/git-credentials.yaml b/chart/templates/loki/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..19988fb425e5ef1764db4d7db640f86de73d7e20
--- /dev/null
+++ b/chart/templates/loki/git-credentials.yaml
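Review bot: kyverno/gitrepository.yaml is rendered when any of `kyverno.enabled`, `kyvernoPolicies.enabled` or `kyvernoReporter.enabled` is true, but the `gitCredsSecret` helper called from kyverno/git-credentials.yaml only emits the Secret when `.Values.kyverno.enabled` itself is true. With kyverno disabled, a dependent package enabled and `kyverno.git.credentials` set, `gitCredsExtended` points the GitRepository at `<release>-kyverno-git-credentials`, which is never created, so the source has no credentials to authenticate with. The gate around the Secret should mirror the GitRepository condition, for example by wrapping the include in the same `or` expression and passing a scope whose `enabled` reflects it. mattermost-operator and minio-operator show the same split between their `or … enabled` gate and the helper's single `enabled` check.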
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "loki"
+ "targetScope" .Values.loki
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/loki/gitrepository.yaml b/chart/templates/loki/gitrepository.yaml
index 0ec6dca9c1c7acf1ddddff2473d97177f378ab21..c0b176c5a5a9a1d301ac09db1a82cc0fe99836b3 100644
--- a/chart/templates/loki/gitrepository.yaml
+++ b/chart/templates/loki/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.loki.sourceType "git") (not .Values.offline) .Values.loki.enabled }}
+{{- $gitCredsDict := dict
+ "name" "loki"
+ "packageGitScope" .Values.loki.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.loki.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/mattermost-operator/git-credentials.yaml b/chart/templates/mattermost-operator/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9c14140bb1887f82d92a47366a4bebd3f4f6995a
--- /dev/null
+++ b/chart/templates/mattermost-operator/git-credentials.yaml
@@ -0,0 +1,9 @@
+{{- $mmOpOldValues := default dict .Values.addons.mattermostoperator -}}
+{{- $mmOpValues := merge $mmOpOldValues .Values.addons.mattermostOperator -}}
+{{- $gitCredsSecretDict := dict
+ "name" "mattermostOperator"
+ "targetScope" $mmOpValues
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/mattermost-operator/gitrepository.yaml b/chart/templates/mattermost-operator/gitrepository.yaml
index 0452a376a404ba8a4316c5cfd4234cfb2cf0d6e4..778b62dc3235c73a40b06cfdb28946bbd3a2485d 100644
--- a/chart/templates/mattermost-operator/gitrepository.yaml
+++ b/chart/templates/mattermost-operator/gitrepository.yaml
@@ -1,6 +1,12 @@
 {{- $mmOpOldValues := default dict .Values.addons.mattermostoperator -}}
 {{- $mmOpValues := merge $mmOpOldValues .Values.addons.mattermostOperator -}}
 {{- if and (eq $mmOpValues.sourceType "git") (not .Values.offline) (or $mmOpValues.enabled .Values.addons.mattermost.enabled) }}
+{{- $gitCredsDict := dict
+ "name" "mattermostOperator"
+ "packageGitScope" $mmOpValues.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -16,5 +22,5 @@ spec:
 ref:
 {{- include "validRef" $mmOpValues.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/mattermost/git-credentials.yaml b/chart/templates/mattermost/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..293e6972292145e2d7ec5cbcd3794162f4eae858
--- /dev/null
+++ b/chart/templates/mattermost/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "mattermost"
+ "targetScope" .Values.addons.mattermost
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/mattermost/gitrepository.yaml b/chart/templates/mattermost/gitrepository.yaml
index 505891ced3c2364bf5bcbe6c9a5f9061a905c1c3..963082c6419f96d9c5476d7b23f72f45b8e07ffc 100644
--- a/chart/templates/mattermost/gitrepository.yaml
+++ b/chart/templates/mattermost/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.mattermost.sourceType "git") .Values.addons.mattermost.enabled }}
+{{- $gitCredsDict := dict
+ "name" "mattermost"
+ "packageGitScope" .Values.addons.mattermost.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.mattermost.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/metrics-server/git-credentials.yaml b/chart/templates/metrics-server/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..feec59ea9cfb07d54ebd7734f658d561fda11c5f
--- /dev/null
+++ b/chart/templates/metrics-server/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "metricsServer"
+ "targetScope" .Values.addons.metricsServer
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/metrics-server/gitrepository.yaml b/chart/templates/metrics-server/gitrepository.yaml
index b3248ba65339b3c302522d524ad9c30420b6161d..167aec40de9f1e3c3fa0a0500a3c0ce12d0209b0 100644
--- a/chart/templates/metrics-server/gitrepository.yaml
+++ b/chart/templates/metrics-server/gitrepository.yaml
@@ -3,6 +3,12 @@
 {{- $existingMetricsApi := (.Capabilities.APIVersions.Has "metrics.k8s.io/v1beta1") }}
 {{- $existingMetricsHelmRelease := (lookup "helm.toolkit.fluxcd.io/v2beta1" "HelmRelease" "bigbang" "metrics-server") }}
 {{- if or ( eq $enableFlag "true") (and (eq $enableFlag "auto") (or (not $existingMetricsApi) $existingMetricsHelmRelease)) }}
+{{- $gitCredsDict := dict
+ "name" "metricsServer"
+ "packageGitScope" .Values.addons.metricsServer.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -18,6 +24,6 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.metricsServer.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
 {{- end }}
diff --git a/chart/templates/minio-operator/git-credentials.yaml b/chart/templates/minio-operator/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9dcd16432850b13355bafae5b4bdf2dc446bf67d
--- /dev/null
+++ b/chart/templates/minio-operator/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "minioOperator"
+ "targetScope" .Values.addons.minioOperator
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/minio-operator/gitrepository.yaml b/chart/templates/minio-operator/gitrepository.yaml
index 5a67bad435c0bfd7184f4e22dfc833ca79998353..adbd0fd8f645e3fe2966e26b9f39b39e461ab69a 100644
--- a/chart/templates/minio-operator/gitrepository.yaml
+++ b/chart/templates/minio-operator/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.minioOperator.sourceType "git") (not .Values.offline) (or .Values.addons.minioOperator.enabled .Values.addons.minio.enabled) }}
+{{- $gitCredsDict := dict
+ "name" "minioOperator"
+ "packageGitScope" .Values.addons.minioOperator.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -10,5 +16,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.minioOperator.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/minio/git-credentials.yaml b/chart/templates/minio/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..16e0085e310b15cf5dbf08f29e27e65765a15b5b
--- /dev/null
+++ b/chart/templates/minio/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "minio"
+ "targetScope" .Values.addons.minio
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/minio/gitrepository.yaml b/chart/templates/minio/gitrepository.yaml
index 59487393ded3d6bbfdae874188ba6c80d246418f..2375bfa569316b5d8311ec1900fe43dc82d7cd17 100644
--- a/chart/templates/minio/gitrepository.yaml
+++ b/chart/templates/minio/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.minio.sourceType "git") (not .Values.offline) .Values.addons.minio.enabled }}
+{{- $gitCredsDict := dict
+ "name" "minio"
+ "packageGitScope" .Values.addons.minio.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -10,5 +16,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.minio.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/monitoring/git-credentials.yaml b/chart/templates/monitoring/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..497b3b02c06dd775d53581425bd6e43499af64f6
--- /dev/null
+++ b/chart/templates/monitoring/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "monitoring"
+ "targetScope" .Values.monitoring
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/monitoring/gitrepository.yaml b/chart/templates/monitoring/gitrepository.yaml
index f6b4ff33d964df37fd83d553bff2b3da501b7ac8..4ccd10fb00ea5ce125ae167a8080fc4634ef8e33 100644
--- a/chart/templates/monitoring/gitrepository.yaml
+++ b/chart/templates/monitoring/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.monitoring.sourceType "git") (not .Values.offline) .Values.monitoring.enabled }}
+{{- $gitCredsDict := dict
+ "name" "monitoring"
+ "packageGitScope" .Values.monitoring.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.monitoring.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/neuvector/git-credentials.yaml b/chart/templates/neuvector/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..072632cb909ded5b245260f5f238586968dd0079
--- /dev/null
+++ b/chart/templates/neuvector/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "neuvector"
+ "targetScope" .Values.neuvector
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/neuvector/gitrepository.yaml b/chart/templates/neuvector/gitrepository.yaml
index c11138f3d6c3e537af7b2bce31a1fd8674b3f752..edbf07771a8c76c18e6464a756a7f51bb99512bf 100644
--- a/chart/templates/neuvector/gitrepository.yaml
+++ b/chart/templates/neuvector/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (not .Values.offline) (eq .Values.neuvector.sourceType "git") .Values.neuvector.enabled }}
+{{- $gitCredsDict := dict
+ "name" "neuvector"
+ "packageGitScope" .Values.neuvector.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.neuvector.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/nexus-repository-manager/git-credentials.yaml b/chart/templates/nexus-repository-manager/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..248d84dc68c470d68b475ba1dfc24e0cd5ea907c
--- /dev/null
+++ b/chart/templates/nexus-repository-manager/git-credentials.yaml
@@ -0,0 +1,9 @@
+{{- $nexusOldValues := default dict .Values.addons.nexus -}}
+{{- $nexusValues := merge $nexusOldValues .Values.addons.nexusRepositoryManager -}}
+{{- $gitCredsSecretDict := dict
+ "name" "nexusRepositoryManager"
+ "targetScope" $nexusValues
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/nexus-repository-manager/gitrepository.yaml b/chart/templates/nexus-repository-manager/gitrepository.yaml
index d84bfae5dfddbf0fb73a3ecdea8b6af577617327..c08f1ed10e0555228edbb11c60f760abcd66671f 100644
--- a/chart/templates/nexus-repository-manager/gitrepository.yaml
+++ b/chart/templates/nexus-repository-manager/gitrepository.yaml
@@ -1,6 +1,12 @@
 {{- $nexusOldValues := default dict .Values.addons.nexus -}}
 {{- $nexusValues := merge $nexusOldValues .Values.addons.nexusRepositoryManager -}}
 {{- if and (eq $nexusValues.sourceType "git") $nexusValues.enabled }}
+{{- $gitCredsDict := dict
+ "name" "nexusRepositoryManager"
+ "packageGitScope" $nexusValues.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -16,5 +22,5 @@ spec:
 ref:
 {{- include "validRef" $nexusValues.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/package/git-credentials.yaml b/chart/templates/package/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..af267d1fcf6dff8c6aa13c5e53365a88504832f5
--- /dev/null
+++ b/chart/templates/package/git-credentials.yaml
@@ -0,0 +1,19 @@
+{{- /* Used for GitOps on a package's Helm chart */ -}}
+{{- range $pkg, $vals := .Values.packages -}}
+{{- if and (dig "enabled" true $vals) ($vals.git) -}}
+{{- $pkg = include "resourceName" $pkg -}}
+{{- $defaults := $.Files.Get (printf "defaults/%s.yaml" $pkg) -}}
+{{- if $defaults -}}
+{{- $vals := merge $vals ($defaults | fromYaml).package -}}
+{{- end -}}
+{{- $namespace := dig "namespace" "name" $pkg $vals }}
+{{- $gitCredsSecretDict := dict
+ "name" $pkg
+ "targetScope" $vals
+ "releaseName" $pkg
+ "releaseNamespace" $namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 }}
+---
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/package/gitrepository.yaml b/chart/templates/package/gitrepository.yaml
index 965452c1e9bb2a7b6a957281f47839e442d52abe..1873103edfd43d42f5ddbdd47009c885154fb976 100644
--- a/chart/templates/package/gitrepository.yaml
+++ b/chart/templates/package/gitrepository.yaml
@@ -7,6 +7,12 @@
 {{- $vals := merge $vals ($defaults | fromYaml).package -}}
 {{- end -}}
 {{- $fluxSettings := merge (dig "flux" dict $vals) $.Values.flux -}}
+{{- $gitCredsDict := dict
+ "name" $pkg
+ "packageGitScope" $vals.git
+ "rootScope" $
+ "releaseName" $pkg
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -20,7 +26,7 @@ spec:
 url: {{ dig "git" "repo" nil $vals }}
 ref:
 {{- include "validRef" $vals.git | nindent 4 -}}
- {{- include "gitCreds" $ | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 ---
 {{- end -}}
 {{- end -}}
\ No newline at end of file
diff --git a/chart/templates/promtail/git-credentials.yaml b/chart/templates/promtail/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9cdc75e49a79c7317bfc88c5658dd65573df3825
--- /dev/null
+++ b/chart/templates/promtail/git-credentials.yaml
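Review bot: In package/git-credentials.yaml the loop treats a missing `enabled` as true via `dig "enabled" true $vals`, but the `gitCredsSecret` helper it calls tests `.enabled` and `eq .sourceType "git"` directly on `$vals`, so a package entry that sets only `git:` would get no Secret unless its defaults file supplies both keys. package/gitrepository.yaml would still emit `secretRef: <pkg>-<pkg>-git-credentials` through `gitCredsExtended` whenever `git.credentials` is populated; its enclosing condition starts outside the hunk, so this is inferred from the new lines only. Set the two keys on the scope before the include, e.g. `"targetScope" (merge (dict "enabled" true "sourceType" "git") $vals)`, or relax the helper's gate. wrapper/git-credentials.yaml passes `.Values.wrapper`, whose GitRepository gate checks no `enabled` key at all, so it may have the same gap.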
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "promtail"
+ "targetScope" .Values.promtail
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/promtail/gitrepository.yaml b/chart/templates/promtail/gitrepository.yaml
index b8d129ffc71f5f4450fc8b22ebdd3529892ee518..eac60e10e434f7a1608a582eb403a033ea59db94 100644
--- a/chart/templates/promtail/gitrepository.yaml
+++ b/chart/templates/promtail/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.promtail.sourceType "git") (not .Values.offline) .Values.promtail.enabled }}
+{{- $gitCredsDict := dict
+ "name" "promtail"
+ "packageGitScope" .Values.promtail.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.promtail.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/secrets/gitcredential.yaml b/chart/templates/secrets/gitcredential.yaml
deleted file mode 100644
index b06fbf6dc93d5fb6fbe1f918a0e25be3f41b40bd..0000000000000000000000000000000000000000
--- a/chart/templates/secrets/gitcredential.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- /* Used for GitOps on Helm charts. One per namespace */ -}}
-{{- if not (dig "existingSecret" nil .Values.git) -}}
-{{- range $ns := compact (splitList " " (include "uniqueNamespaces" (merge (dict "default" true) $))) -}}
-{{- with (dig "credentials" dict $.Values.git) -}}
-{{- if or .username .password .caFile .privateKey .publicKey .knownHosts -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $.Release.Name }}-git-credentials
- namespace: {{ $ns }}
- labels:
- app.kubernetes.io/name: {{ $.Release.Name }}-git-credentials
- {{- include "commonLabels" $ | nindent 4 }}
-type: Opaque
-data:
- {{- if .caFile }}
- caFile: {{ .caFile | b64enc }}
- {{- end -}}
-
- {{- if and .username .password }}
- username: {{ .username | b64enc }}
- password: {{ .password | b64enc }}
- {{- else if or .username .password -}}
- {{- fail "When using http git credentials, all of these must be specified: username, and password" -}}
- {{- end -}}
-
- {{- if and .privateKey .publicKey .knownHosts }}
- identity: {{ .privateKey | b64enc }}
- identity.pub: {{ .publicKey | b64enc }}
- known_hosts: {{ .knownHosts | b64enc }}
- {{- else if or .privateKey .publicKey .knownHosts -}}
- {{- fail "When using ssh git credentials, all of these must be specified: privateKey, publicKey, and knownHosts" -}}
- {{- end }}
----
-{{ end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/sonarqube/git-credentials.yaml b/chart/templates/sonarqube/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6f90e1238092b64287d6585a7eb6f5138352c5a6
--- /dev/null
+++ b/chart/templates/sonarqube/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "sonarqube"
+ "targetScope" .Values.addons.sonarqube
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/sonarqube/gitrepository.yaml b/chart/templates/sonarqube/gitrepository.yaml
index b14af556bbe6d4221954ed60375f5aca2e64a936..1e870c1b3f03fc7ea521541db1169e427e5afc0f 100644
--- a/chart/templates/sonarqube/gitrepository.yaml
+++ b/chart/templates/sonarqube/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.sonarqube.sourceType "git") (not .Values.offline) .Values.addons.sonarqube.enabled }}
+{{- $gitCredsDict := dict
+ "name" "sonarqube"
+ "packageGitScope" .Values.addons.sonarqube.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -10,5 +16,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.sonarqube.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/tempo/git-credentials.yaml b/chart/templates/tempo/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..44f85e5e6299fc7e885d7eba98e27e849e2f5bde
--- /dev/null
+++ b/chart/templates/tempo/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "tempo"
+ "targetScope" .Values.tempo
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/tempo/gitrepository.yaml b/chart/templates/tempo/gitrepository.yaml
index 574d642e69379d94780b0606544dd87b40e4feee..4d246b3bd0c3a5ac71256ea16cf3955bfe1c5529 100644
--- a/chart/templates/tempo/gitrepository.yaml
+++ b/chart/templates/tempo/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.tempo.sourceType "git") (not .Values.offline) .Values.tempo.enabled }}
+{{- $gitCredsDict := dict
+ "name" "tempo"
+ "packageGitScope" .Values.tempo.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.tempo.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/twistlock/git-credentials.yaml b/chart/templates/twistlock/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d1e3f50cf7294c7d760146724e897bbc664ba69e
--- /dev/null
+++ b/chart/templates/twistlock/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "twistlock"
+ "targetScope" .Values.twistlock
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/twistlock/gitrepository.yaml b/chart/templates/twistlock/gitrepository.yaml
index c04eeb744a578c277f79aaccc88b6476f9aa5b9b..0844bb76baeb13195d038169f39150998944eb0a 100644
--- a/chart/templates/twistlock/gitrepository.yaml
+++ b/chart/templates/twistlock/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.twistlock.sourceType "git") (not .Values.offline) .Values.twistlock.enabled }}
+{{- $gitCredsDict := dict
+ "name" "twistlock"
+ "packageGitScope" .Values.twistlock.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -15,5 +21,5 @@ spec:
 {{- include "validRef" .Values.twistlock.git | nindent 4 }}
 {{ include "gitIgnore" . }}
 !/chart/scripts/*.sh
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/vault/git-credentials.yaml b/chart/templates/vault/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0ea2da4e4cf26da5c536ced19f2675b6a17a9b35
--- /dev/null
+++ b/chart/templates/vault/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "vault"
+ "targetScope" .Values.addons.vault
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/vault/gitrepository.yaml b/chart/templates/vault/gitrepository.yaml
index 8a1ad6b0d69a1258e08fd776af97adbc493f1dea..1e591c3df7a2924d327b5e013a513893f6f9d247 100644
--- a/chart/templates/vault/gitrepository.yaml
+++ b/chart/templates/vault/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.vault.sourceType "git") (not .Values.offline) .Values.addons.vault.enabled }}
+{{- $gitCredsDict := dict
+ "name" "vault"
+ "packageGitScope" .Values.addons.vault.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.vault.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/velero/git-credentials.yaml b/chart/templates/velero/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..74f09ace83fdbf24071a2effcbf7587876e3dc41
--- /dev/null
+++ b/chart/templates/velero/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "velero"
+ "targetScope" .Values.addons.velero
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/velero/gitrepository.yaml b/chart/templates/velero/gitrepository.yaml
index 519a1f1baca81c6b183a523a9acbe29a30c4d457..1244a5f68a245b5c2e43981063d865f0fc8e73df 100644
--- a/chart/templates/velero/gitrepository.yaml
+++ b/chart/templates/velero/gitrepository.yaml
@@ -1,4 +1,10 @@
 {{- if and (eq .Values.addons.velero.sourceType "git") .Values.addons.velero.enabled }}
+{{- $gitCredsDict := dict
+ "name" "velero"
+ "packageGitScope" .Values.addons.velero.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -14,5 +20,5 @@ spec:
 ref:
 {{- include "validRef" .Values.addons.velero.git | nindent 4 }}
 {{ include "gitIgnore" . }}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/wrapper/git-credentials.yaml b/chart/templates/wrapper/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c549b4cc487f9a880faef81835ab3e4a46dc479c
--- /dev/null
+++ b/chart/templates/wrapper/git-credentials.yaml
@@ -0,0 +1,8 @@
+{{- $pkg := print .Release.Name "-wrapper" -}}
+{{- $gitCredsSecretDict := dict
+ "name" $pkg
+ "targetScope" .Values.wrapper
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
diff --git a/chart/templates/wrapper/gitrepository.yaml b/chart/templates/wrapper/gitrepository.yaml
index c79178d1a3fa193a9a4424bf37a4be1ca913f61b..6e7cf3b9c883ad8126fe205c0331c4deff4697ab 100644
--- a/chart/templates/wrapper/gitrepository.yaml
+++ b/chart/templates/wrapper/gitrepository.yaml
@@ -1,17 +1,24 @@
 {{- /* Used for GitOps of the BigBang package wrapper Helm chart. Shared by all packages */ -}}
 {{- if and .Values.wrapper (eq .Values.wrapper.sourceType "git") (omit (default dict .Values.packages) "sample") -}}
+{{- $pkg := print .Release.Name "-wrapper" -}}
+{{- $gitCredsDict := dict
+ "name" $pkg
+ "packageGitScope" .Values.wrapper.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
- name: {{ .Release.Name }}-wrapper
+ name: {{ $pkg }}
 namespace: {{ .Release.Namespace }}
 labels:
- app.kubernetes.io/name: {{ .Release.Name }}-wrapper
+ app.kubernetes.io/name: {{ $pkg }}
 {{- include "commonLabels" $ | nindent 4 }}
 spec:
 interval: {{ dig "interval" "5m" .Values.flux }}
 url: {{ .Values.wrapper.git.repo }}
 ref:
 {{- include "validRef" .Values.wrapper.git | nindent 4 -}}
- {{- include "gitCreds" . | nindent 2 }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
 {{- end -}}
\ No newline at end of file
diff --git a/chart/values.schema.json b/chart/values.schema.json
index e3942294c327ec0fb94883af93233fba076f6bda..9333139f6fb489f5c58cd744298f5f6bcfc8b4e1 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -580,8 +580,12 @@
 "flux": true,
 "values": true,
 "postRenderers": true,
- "istio": { "$ref": "#/$defs/istio" },
- "ingress": { "$ref": "#/$defs/ingress" },
+ "istio": {
+ "$ref": "#/$defs/istio"
+ },
+ "ingress": {
+ "$ref": "#/$defs/ingress"
+ },
 "sso": {
 "type": "object",
 "required": [
@@ -679,8 +683,8 @@
 "flux": true,
 "values": true,
 "postRenderers": true,
- "istio": {
- "$ref": "#/$defs/istio"
+ "istio": {
+ "$ref": "#/$defs/istio"
 },
 "ingress": {
 "$ref": "#/$defs/ingress"
@@ -783,8 +787,8 @@
 "flux": true,
 "values": true,
 "postRenderers": true,
- "istio": {
- "$ref": "#/$defs/istio"
+ "istio": {
+ "$ref": "#/$defs/istio"
 },
 "ingress": {
 "$ref": "#/$defs/ingress"
@@ -1196,7 +1200,9 @@
 ],
 "if": {
 "properties": {
- "sourceType": { "const": "git" }
+ "sourceType": {
+ "const": "git"
+ }
 }
 },
 "then": {
@@ -1205,7 +1211,9 @@
 "$ref": "#/$defs/git"
 }
 },
- "required": ["git"]
+ "required": [
+ "git"
+ ]
 },
 "else": {
 "properties": {
@@ -1213,14 +1221,19 @@
 "$ref": "#/$defs/helmRepo"
 }
 },
- "required": ["helmRepo"]
+ "required": [
+ "helmRepo"
+ ]
 },
 "properties": {
 "enabled": {
 "$ref": "#/$defs/enabled"
 },
 "sourceType": {
- "enum": ["git", "helmRepo"]
+ "enum": [
+ "git",
+ "helmRepo"
+ ]
 },
 "flux": {
 "$ref": "#/$defs/flux"
@@ -1314,9 +1327,12 @@ "kubeConfig": { "description": "KubeConfig for reconciling the HelmRelease on a remote cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, forces the controller to act on behalf of that Service Account at the target cluster. If the --default-service-account flag is set, its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName is empty.", "type": "object", + "required": [ + "secretRef" + ], "properties": { "secretRef": { - "description": "SecretRef holds the name to a secret that contains a key with the kubeconfig file as the value. If no key is specified the key will default to 'value'. The secret must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the HelmRelease.", + "description": "SecretRef holds the name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to 'value'. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling Kubernetes resources.", "type": "object", "required": [ "name" 
@@ -1338,6 +1354,10 @@ "description": "MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'.", "type": "integer" }, + "persistentClient": { + "description": "PersistentClient tells the controller to use a persistent Kubernetes client for this release. When enabled, the client will be reused for the duration of the reconciliation, instead of being created and destroyed for each (step of a) Helm action. \n This can improve performance, but may cause issues with some Helm charts that for example do create Custom Resource Definitions during installation outside Helm's CRD lifecycle hooks, which are then not observed to be available by e.g. post-install hooks. \n If not set, it defaults to true.", + "type": "boolean" + }, "releaseName": { "description": "ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.", "type": "string", @@ -1421,6 +1441,16 @@ "description": "Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.", "type": "object", "properties": { + "deletionPropagation": { + "description": "DeletionPropagation specifies the deletion propagation policy when a Helm uninstall is performed.", + "type": "string", + "default": "background", + "enum": [ + "background", + "foreground", + "orphan" + ] + }, "disableHooks": { "description": "DisableHooks prevents hooks from running during the Helm rollback action.", "type": "boolean" 
@@ -1610,6 +1640,49 @@ }, "semver": { "type": "string" + }, + "existingSecret": { + "type": "string" + }, + "credentials": { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "password": { + "type": "string" + }, + "caFile": { + "type": "string" + }, + "privateKey": { + "type": "string" + }, + "publicKey": { + "type": "string" + }, + "knownHosts": { + "type": "string" + } + }, + "required": [], + "anyOf": [ + { + "required": [ + "username", + "password" + ] + }, + { + "required": [ + "privateKey", + "publicKey", + "knownHosts" + ] + } + ], + "additionalProperties": false } }, "additionalProperties": false, @@ -1667,6 +1740,9 @@ "items": { "description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should be applied to.", "type": "object", + "required": [ + "patch" + ], "properties": { "patch": { "description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with an array of operation objects.", @@ -1864,16 +1940,21 @@ "additionalProperties": false }, "sourceType": { - "enum": ["helmRepo", "git"] + "enum": [ + "helmRepo", + "git" + ] }, "istio": { "type": "object", "properties": { "injection": { - "enum": ["enabled", "disabled"] + "enum": [ + "enabled", + "disabled" + ] } } } } } - diff --git a/chart/values.yaml b/chart/values.yaml index 3115ec049f8b83ad8c6a2db9d647dd3dc70b9ca4..53b51c0a940f3207535bb006b23b86ecfe7b0448 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1962,6 +1962,9 @@ packages: # @default -- true enabled: false + # -- Choose source type of "git" ("helmRepo" not supported yet) + sourceType: "git" + # -- Toggle wrapper functionality. See https://docs-bigbang.dso.mil/latest/docs/guides/deployment-scenarios/extra-package-deployment/#Wrapper-Deployment for more details. # @default -- false wrapper: 
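Review bot: The `anyOf` added under `credentials` disagrees with the checks in `gitCredsSecret`. The template accepts a `caFile` on its own (HTTPS to a repo behind a private CA with no login), while the schema rejects any `credentials` object that has neither the username/password pair nor all three SSH fields. In the other direction, `required` only tests that a key is present, so the empty-string defaults added in values.yaml appear to satisfy the first branch and the schema never catches a blank password. I would add a third branch `{ "required": ["caFile"] }`, or drop the `anyOf` and leave pairing to the template's `fail` calls, and remove the no-op `"required": []`. The enclosing `properties` object of the git definition starts above this hunk.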
@@ -1997,6 +2000,19 @@ packages: # -- Path inside of the git repo to find the helm chart or kustomize # @default -- For Helm charts `chart`. For Kustomize `/`. path: + # -- Optional, alternative existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication + existingSecret: "" + # -- Optional, alternative Chart created secrets with user defined values + credentials: + # -- HTTP git credentials, both username and password must be provided + username: "" + password: "" + # -- HTTPS certificate authority file. Required for any repo with a self signed certificate + caFile: "" + # -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided + privateKey: "" + publicKey: "" + knownHosts: "" # -- Override flux settings for this package flux: {} diff --git a/docs/developer/package-integration/flux.md b/docs/developer/package-integration/flux.md index 16c10ec47f5f00738519d72d1be66c9fedcbbeff..6f4c993f4c61df509197ed8335256c8b49fb4f55 100644 --- a/docs/developer/package-integration/flux.md +++ b/docs/developer/package-integration/flux.md @@ -91,6 +91,12 @@ Flux's source controller uses the [GitRepository](https://fluxcd.io/docs/compone ```yaml {{- $pkg := "podinfo" }} {{- if (get .Values $pkg).enabled }} +{{- $gitCredsDict := dict + "name" $pkg + "packageGitScope" (get .Values pkg).git + "rootScope" . + "releaseName" $.Release.Name +}} apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: @@ -105,7 +111,7 @@ spec: ref: {{- include "validRef" (get .Values $pkg).git | nindent 4 }} {{ include "gitIgnore" . }} - {{- include "gitCreds" . | nindent 2 }} + {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }} {{- end }} ```
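Review bot: The comments on the new `credentials` keys should say that `password` and `privateKey` set here are plain text in the values file and are kept with the Helm release record. They should only be supplied from an encrypted values source, with `existingSecret` as the preferred route. I would word the key comment as `# -- Optional, chart-created secret from the values below; prefer existingSecret and supply these only from encrypted values`. The `existingSecret` comment could also state that the secret must be in the same namespace as the GitRepository that references it, since `secretRef` carries only a name. The enclosing `git:` mapping starts above the hunk.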