From 662b13db5b0c3e41de8e44d3e2f3d79897da524b Mon Sep 17 00:00:00 2001
From: runyontr <tom@runyon.dev>
Date: Fri, 14 May 2021 19:46:07 +0000
Subject: [PATCH] Breakout secrets into individual files

---
 chart/templates/anchore/imagepullsecret.yaml  |  12 ++
 chart/templates/anchore/namespace.yaml        |  12 --
 chart/templates/argocd/imagepullsecret.yaml   |  12 ++
 chart/templates/argocd/namespace.yaml         |  12 --
 .../authservice/imagepullsecret.yaml          |  12 ++
 chart/templates/authservice/namespace.yaml    |  13 ---
 .../templates/gatekeeper/imagepullsecret.yaml |  16 +++
 chart/templates/gatekeeper/namespace.yaml     |  16 ---
 chart/templates/gitlab/imagepullsecret.yaml   |  16 +++
 chart/templates/gitlab/namespace.yaml         | 110 ------------------
 chart/templates/gitlab/secret-database.yaml   |  12 ++
 .../templates/gitlab/secret-objectstore.yaml  |  47 ++++++++
 chart/templates/gitlab/secret-sso.yaml        |  33 ++++++
 .../imagepullsecret-kubesystem.yaml           |  12 ++
 .../istio/controlplane/imagepullsecret.yaml   |  16 +++
 .../istio/controlplane/namespace.yaml         |  42 -------
 .../istio/controlplane/secret-tls.yaml        |  15 +++
 .../templates/istio/controlplane/values.yaml  |   1 -
 .../istio/operator/imagepullsecret.yaml       |  14 +++
 chart/templates/istio/operator/namespace.yaml |  15 ---
 .../logging/eck-operator/imagepullsecret.yaml |  16 +++
 .../logging/eck-operator/namespace.yaml       |  15 ---
 .../elasticsearch-kibana/imagepullsecret.yaml |  16 +++
 .../elasticsearch-kibana/namespace.yaml       |  15 ---
 .../mattermost/imagepullsecret.yaml           |  16 +++
 .../mattermost/mattermost/namespace.yaml      |  56 ---------
 .../mattermost/secret-database.yaml           |  19 +++
 .../mattermost/secret-objectstore.yaml        |  19 +++
 .../mattermost/operator/imagepullsecret.yaml  |  16 +++
 .../mattermost/operator/namespace.yaml        |  15 ---
 .../minio/minio-operator/imagepullsecret.yaml |  16 +++
 .../minio/minio/imagepullsecret.yaml          |  12 ++
 chart/templates/minio/minio/namespace.yaml    |  22 ----
 chart/templates/minio/minio/secret.yaml       |  12 ++
 .../templates/monitoring/imagepullsecret.yaml |  16 +++
 chart/templates/monitoring/namespace.yaml     |  15 ---
 .../templates/sonarqube/imagepullsecret.yaml  |  12 ++
 chart/templates/sonarqube/namespace.yaml      |  23 ----
 .../templates/sonarqube/secret-database.yaml  |  13 +++
 .../templates/twistlock/imagepullsecret.yaml  |  16 +++
 chart/templates/twistlock/namespace.yaml      |  15 ---
 chart/templates/velero/imagepullsecret.yaml   |  16 +++
 chart/templates/velero/namespace.yaml         |  16 ---
 43 files changed, 432 insertions(+), 413 deletions(-)
 create mode 100644 chart/templates/anchore/imagepullsecret.yaml
 create mode 100644 chart/templates/argocd/imagepullsecret.yaml
 create mode 100644 chart/templates/authservice/imagepullsecret.yaml
 create mode 100644 chart/templates/gatekeeper/imagepullsecret.yaml
 create mode 100644 chart/templates/gitlab/imagepullsecret.yaml
 create mode 100644 chart/templates/gitlab/secret-database.yaml
 create mode 100644 chart/templates/gitlab/secret-objectstore.yaml
 create mode 100644 chart/templates/gitlab/secret-sso.yaml
 create mode 100644 chart/templates/istio/controlplane/imagepullsecret-kubesystem.yaml
 create mode 100644 chart/templates/istio/controlplane/imagepullsecret.yaml
 create mode 100644 chart/templates/istio/controlplane/secret-tls.yaml
 create mode 100644 chart/templates/istio/operator/imagepullsecret.yaml
 create mode 100644 chart/templates/logging/eck-operator/imagepullsecret.yaml
 create mode 100644 chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml
 create mode 100644 chart/templates/mattermost/mattermost/imagepullsecret.yaml
 create mode 100644 chart/templates/mattermost/mattermost/secret-database.yaml
 create mode 100644 chart/templates/mattermost/mattermost/secret-objectstore.yaml
 create mode 100644 chart/templates/mattermost/operator/imagepullsecret.yaml
 create mode 100644 chart/templates/minio/minio-operator/imagepullsecret.yaml
 create mode 100644 chart/templates/minio/minio/imagepullsecret.yaml
 create mode 100644 chart/templates/minio/minio/secret.yaml
 create mode 100644 chart/templates/monitoring/imagepullsecret.yaml
 create mode 100644 chart/templates/sonarqube/imagepullsecret.yaml
 create mode 100644 chart/templates/sonarqube/secret-database.yaml
 create mode 100644 chart/templates/twistlock/imagepullsecret.yaml
 create mode 100644 chart/templates/velero/imagepullsecret.yaml

diff --git a/chart/templates/anchore/imagepullsecret.yaml b/chart/templates/anchore/imagepullsecret.yaml
new file mode 100644
index 0000000000..0493bb0d0a
--- /dev/null
+++ b/chart/templates/anchore/imagepullsecret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.addons.anchore.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: anchore
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/anchore/namespace.yaml b/chart/templates/anchore/namespace.yaml
index 353a01b0dd..c6ce7c1457 100644
--- a/chart/templates/anchore/namespace.yaml
+++ b/chart/templates/anchore/namespace.yaml
@@ -5,16 +5,4 @@ metadata:
   labels:
     app: {{ .Release.Name }}-anchore
   name: anchore
-
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: anchore
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/argocd/imagepullsecret.yaml b/chart/templates/argocd/imagepullsecret.yaml
new file mode 100644
index 0000000000..b1dd59ae3c
--- /dev/null
+++ b/chart/templates/argocd/imagepullsecret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.addons.argocd.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: argocd
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/argocd/namespace.yaml b/chart/templates/argocd/namespace.yaml
index 69ff0643c0..e910b43ca7 100644
--- a/chart/templates/argocd/namespace.yaml
+++ b/chart/templates/argocd/namespace.yaml
@@ -7,16 +7,4 @@ metadata:
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
   name: argocd
-
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: argocd
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
diff --git a/chart/templates/authservice/imagepullsecret.yaml b/chart/templates/authservice/imagepullsecret.yaml
new file mode 100644
index 0000000000..19020efe41
--- /dev/null
+++ b/chart/templates/authservice/imagepullsecret.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.istio.enabled ( or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled ) }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: authservice
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/authservice/namespace.yaml b/chart/templates/authservice/namespace.yaml
index 93f851b91e..6cbaf46371 100644
--- a/chart/templates/authservice/namespace.yaml
+++ b/chart/templates/authservice/namespace.yaml
@@ -7,17 +7,4 @@ metadata:
   labels:
     istio-injection: enabled
   {{- end }}
-
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: authservice
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
-
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/gatekeeper/imagepullsecret.yaml b/chart/templates/gatekeeper/imagepullsecret.yaml
new file mode 100644
index 0000000000..e85dccbe33
--- /dev/null
+++ b/chart/templates/gatekeeper/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: gatekeeper-system
+  labels:
+    app.kubernetes.io/name: gatekeeper
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/gatekeeper/namespace.yaml b/chart/templates/gatekeeper/namespace.yaml
index e4e924baf3..cb6fe1dcf2 100644
--- a/chart/templates/gatekeeper/namespace.yaml
+++ b/chart/templates/gatekeeper/namespace.yaml
@@ -10,20 +10,4 @@ metadata:
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
   name: gatekeeper-system
-
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: gatekeeper-system
-  labels:
-    app.kubernetes.io/name: gatekeeper
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/gitlab/imagepullsecret.yaml b/chart/templates/gitlab/imagepullsecret.yaml
new file mode 100644
index 0000000000..a0bc9db47d
--- /dev/null
+++ b/chart/templates/gitlab/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: gitlab
+  labels:
+    app.kubernetes.io/name: gitlab
+    app.kubernetes.io/component: "developer-tools"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/gitlab/namespace.yaml b/chart/templates/gitlab/namespace.yaml
index 5dcb324642..52127acc5b 100644
--- a/chart/templates/gitlab/namespace.yaml
+++ b/chart/templates/gitlab/namespace.yaml
@@ -7,114 +7,4 @@ metadata:
     app.kubernetes.io/component: "developer-tools"
     {{- include "commonLabels" . | nindent 4}}
   name: gitlab
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: gitlab
-  labels:
-    app.kubernetes.io/name: gitlab
-    app.kubernetes.io/component: "developer-tools"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
----
-{{- end }}
-{{- if .Values.addons.gitlab.enabled }}
-# create sso secret. The assumption is OIDC
-{{- if .Values.addons.gitlab.sso.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gitlab-sso-provider
-  namespace: gitlab
-type: kubernetes.io/opaque
-stringData:
-  gitlab-sso.json: |-
-    {
-      "name": "openid_connect",
-      "label": "{{ .Values.addons.gitlab.sso.label }}",
-      "args": {
-        "name": "openid_connect",
-        "scope": [
-          "Gitlab"
-        ],
-        "response_type": "code",
-        "issuer": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}",
-        "client_auth_method": "query",
-        "discovery": true,
-        "uid_field": "preferred_username",
-        "client_options": {
-          "identifier": "{{ .Values.addons.gitlab.sso.client_id | default .Values.sso.client_id }}",
-          "secret": "{{ .Values.addons.gitlab.sso.client_secret | default .Values.sso.client_secret }}",
-          "redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}/users/auth/openid_connect/callback",
-          "end_session_endpoint": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout"
-        }
-      }
-    }
-{{- end }}
----
-# create database secret
-{{- if .Values.addons.gitlab.database.host }}
-apiVersion: v1
-kind: Secret
-metadata:
-    name: gitlab-database
-    namespace: gitlab
-type: kubernetes.io/opaque
-stringData:
-    PGPASSWORD: {{ .Values.addons.gitlab.database.password }}
-{{- end }}
----
-# create object storage secret
-{{- if .Values.addons.gitlab.objectStorage.endpoint }}
-apiVersion: v1
-kind: Secret
-metadata:
-    name: gitlab-object-storage
-    namespace: gitlab
-type: kubernetes.io/opaque
-stringData:
-    rails: |-
-      provider: AWS
-      region: {{ .Values.addons.gitlab.objectStorage.region }}
-      aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
-      aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
-      {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
-      aws_signature_version: 4
-      host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
-      endpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
-      path_style: true
-      {{- end }}
-    registry: |-
-      s3:
-        {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
-        bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
-        {{- else }}
-        bucket: gitlab-registry
-        {{- end }}
-        accesskey: {{ .Values.addons.gitlab.objectStorage.accessKey }}
-        secretkey: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
-        region: {{ .Values.addons.gitlab.objectStorage.region }}
-        {{- if eq .Values.addons.gitlab.objectStorage.type "s3" }}
-        v4auth: true
-        {{- end }}
-        {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
-        aws_signature_version: 4
-        host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
-        regionendpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
-        path_style: true
-        {{- end }}
-    backups: |-
-      [default]
-      access_key = {{ .Values.addons.gitlab.objectStorage.accessKey }}
-      secret_key = {{ .Values.addons.gitlab.objectStorage.accessSecret }}
-      bucket_location = {{ .Values.addons.gitlab.objectStorage.region }}
-      host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectStorage.endpoint "" }}
-{{- end }}
-
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/gitlab/secret-database.yaml b/chart/templates/gitlab/secret-database.yaml
new file mode 100644
index 0000000000..1e51e4923b
--- /dev/null
+++ b/chart/templates/gitlab/secret-database.yaml
@@ -0,0 +1,12 @@
+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if .Values.addons.gitlab.database.host }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitlab-database
+    namespace: gitlab
+type: kubernetes.io/opaque
+stringData:
+    PGPASSWORD: {{ .Values.addons.gitlab.database.password }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/gitlab/secret-objectstore.yaml b/chart/templates/gitlab/secret-objectstore.yaml
new file mode 100644
index 0000000000..3b58eabef9
--- /dev/null
+++ b/chart/templates/gitlab/secret-objectstore.yaml
@@ -0,0 +1,47 @@
+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if .Values.addons.gitlab.objectStorage.endpoint }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitlab-object-storage
+    namespace: gitlab
+type: kubernetes.io/opaque
+stringData:
+    rails: |-
+      provider: AWS
+      region: {{ .Values.addons.gitlab.objectStorage.region }}
+      aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
+      aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
+      aws_signature_version: 4
+      host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
+      endpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
+      path_style: true
+      {{- end }}
+    registry: |-
+      s3:
+        {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+        bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
+        {{- else }}
+        bucket: gitlab-registry
+        {{- end }}
+        accesskey: {{ .Values.addons.gitlab.objectStorage.accessKey }}
+        secretkey: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+        region: {{ .Values.addons.gitlab.objectStorage.region }}
+        {{- if eq .Values.addons.gitlab.objectStorage.type "s3" }}
+        v4auth: true
+        {{- end }}
+        {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
+        aws_signature_version: 4
+        host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
+        regionendpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
+        path_style: true
+        {{- end }}
+    backups: |-
+      [default]
+      access_key = {{ .Values.addons.gitlab.objectStorage.accessKey }}
+      secret_key = {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      bucket_location = {{ .Values.addons.gitlab.objectStorage.region }}
+      host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectStorage.endpoint "" }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/gitlab/secret-sso.yaml b/chart/templates/gitlab/secret-sso.yaml
new file mode 100644
index 0000000000..d193123305
--- /dev/null
+++ b/chart/templates/gitlab/secret-sso.yaml
@@ -0,0 +1,33 @@
+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if .Values.addons.gitlab.sso.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitlab-sso-provider
+  namespace: gitlab
+type: kubernetes.io/opaque
+stringData:
+  gitlab-sso.json: |-
+    {
+      "name": "openid_connect",
+      "label": "{{ .Values.addons.gitlab.sso.label }}",
+      "args": {
+        "name": "openid_connect",
+        "scope": [
+          "Gitlab"
+        ],
+        "response_type": "code",
+        "issuer": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}",
+        "client_auth_method": "query",
+        "discovery": true,
+        "uid_field": "preferred_username",
+        "client_options": {
+          "identifier": "{{ .Values.addons.gitlab.sso.client_id | default .Values.sso.client_id }}",
+          "secret": "{{ .Values.addons.gitlab.sso.client_secret | default .Values.sso.client_secret }}",
+          "redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}/users/auth/openid_connect/callback",
+          "end_session_endpoint": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout"
+        }
+      }
+    }
+{{- end }}
+{{- end}}
\ No newline at end of file
diff --git a/chart/templates/istio/controlplane/imagepullsecret-kubesystem.yaml b/chart/templates/istio/controlplane/imagepullsecret-kubesystem.yaml
new file mode 100644
index 0000000000..20ba0d712d
--- /dev/null
+++ b/chart/templates/istio/controlplane/imagepullsecret-kubesystem.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.istio.enabled }}
+{{- if and .Values.openshift ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: kube-system
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/controlplane/imagepullsecret.yaml b/chart/templates/istio/controlplane/imagepullsecret.yaml
new file mode 100644
index 0000000000..350ef47e68
--- /dev/null
+++ b/chart/templates/istio/controlplane/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.istio.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: istio-system
+  labels:
+    app.kubernetes.io/name: istio-controlplane
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/controlplane/namespace.yaml b/chart/templates/istio/controlplane/namespace.yaml
index fc17057228..229adcef72 100644
--- a/chart/templates/istio/controlplane/namespace.yaml
+++ b/chart/templates/istio/controlplane/namespace.yaml
@@ -7,46 +7,4 @@ metadata:
     app.kubernetes.io/name: istio-controlplane
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: istio-system
-  labels:
-    app.kubernetes.io/name: istio-controlplane
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- if .Values.openshift }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: kube-system
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
-{{- end }}
----
-{{- if and .Values.istio.ingress.key .Values.istio.ingress.cert }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: wildcard-cert
-  namespace: istio-system
-  labels:
-    app.kubernetes.io/name: istio-controlplane
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/tls
-data:
-  tls.crt: {{ .Values.istio.ingress.cert | b64enc }}
-  tls.key: {{ .Values.istio.ingress.key | b64enc}}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/controlplane/secret-tls.yaml b/chart/templates/istio/controlplane/secret-tls.yaml
new file mode 100644
index 0000000000..a47b7ad67f
--- /dev/null
+++ b/chart/templates/istio/controlplane/secret-tls.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.istio.enabled  (and .Values.istio.ingress.key .Values.istio.ingress.cert ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wildcard-cert
+  namespace: istio-system
+  labels:
+    app.kubernetes.io/name: istio-controlplane
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.istio.ingress.cert | b64enc }}
+  tls.key: {{ .Values.istio.ingress.key | b64enc}}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/controlplane/values.yaml b/chart/templates/istio/controlplane/values.yaml
index a35424be16..0253096611 100644
--- a/chart/templates/istio/controlplane/values.yaml
+++ b/chart/templates/istio/controlplane/values.yaml
@@ -12,5 +12,4 @@ imagePullSecrets:
   - private-registry
 
 openshift: {{ .Values.openshift }}
-
 {{- end -}}
diff --git a/chart/templates/istio/operator/imagepullsecret.yaml b/chart/templates/istio/operator/imagepullsecret.yaml
new file mode 100644
index 0000000000..619750b5df
--- /dev/null
+++ b/chart/templates/istio/operator/imagepullsecret.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.istiooperator.enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: istio-operator
+  labels:
+    app.kubernetes.io/name: istio-operator
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/operator/namespace.yaml b/chart/templates/istio/operator/namespace.yaml
index 2064232396..de908194a5 100644
--- a/chart/templates/istio/operator/namespace.yaml
+++ b/chart/templates/istio/operator/namespace.yaml
@@ -9,19 +9,4 @@ metadata:
     app.kubernetes.io/name: istio-operator
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: istio-operator
-  labels:
-    app.kubernetes.io/name: istio-operator
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/logging/eck-operator/imagepullsecret.yaml b/chart/templates/logging/eck-operator/imagepullsecret.yaml
new file mode 100644
index 0000000000..9576662b2e
--- /dev/null
+++ b/chart/templates/logging/eck-operator/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.eckoperator.enabled .Values.logging.enabled .Values.clusterAuditor.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: eck-operator
+  labels:
+    app.kubernetes.io/name: eck-operator
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/logging/eck-operator/namespace.yaml b/chart/templates/logging/eck-operator/namespace.yaml
index 3ee547f99c..a048f86180 100644
--- a/chart/templates/logging/eck-operator/namespace.yaml
+++ b/chart/templates/logging/eck-operator/namespace.yaml
@@ -7,19 +7,4 @@ metadata:
     app.kubernetes.io/name: eck-operator
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: eck-operator
-  labels:
-    app.kubernetes.io/name: eck-operator
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml b/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml
new file mode 100644
index 0000000000..cd2629e8cb
--- /dev/null
+++ b/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: logging
+  labels:
+    app.kubernetes.io/name: logging
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/logging/elasticsearch-kibana/namespace.yaml b/chart/templates/logging/elasticsearch-kibana/namespace.yaml
index d7d8fd0360..217eaa43df 100644
--- a/chart/templates/logging/elasticsearch-kibana/namespace.yaml
+++ b/chart/templates/logging/elasticsearch-kibana/namespace.yaml
@@ -18,19 +18,4 @@ metadata:
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
     istio-injection: {{ $istioInjection }}
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: logging
-  labels:
-    app.kubernetes.io/name: logging
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/mattermost/mattermost/imagepullsecret.yaml b/chart/templates/mattermost/mattermost/imagepullsecret.yaml
new file mode 100644
index 0000000000..07f038f474
--- /dev/null
+++ b/chart/templates/mattermost/mattermost/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.addons.mattermost.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: mattermost
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mattermost/mattermost/namespace.yaml b/chart/templates/mattermost/mattermost/namespace.yaml
index a52632cc6e..dc8e75f2bb 100644
--- a/chart/templates/mattermost/mattermost/namespace.yaml
+++ b/chart/templates/mattermost/mattermost/namespace.yaml
@@ -8,60 +8,4 @@ metadata:
     app.kubernetes.io/component: "collaboration-tools"
     {{- include "commonLabels" . | nindent 4}}
   name: mattermost
-
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: mattermost
-  labels:
-    app.kubernetes.io/name: mattermost
-    app.kubernetes.io/component: "collaboration-tools"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
-
----
-{{- with .Values.addons.mattermost.database }}
-{{- if and .username .password .host .port .database }}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: mattermost-database-secret
-  namespace: mattermost
-  labels:
-    app.kubernetes.io/name: mattermost
-    app.kubernetes.io/component: "collaboration-tools"
-    {{- include "commonLabels" $ | nindent 4}}
-stringData:
-  DB_CONNECTION_CHECK_URL: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode | default "disable" }}"
-  DB_CONNECTION_STRING: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode | default "disable" }}"
-{{- end }}
-{{- end }}
-
----
-{{- with .Values.addons.mattermost.objectStorage }}
-{{- if and .endpoint .accessKey .accessSecret .bucket }}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: "mattermost-objectstorage-secret"
-  namespace: mattermost
-  labels:
-    app.kubernetes.io/name: mattermost
-    app.kubernetes.io/component: "collaboration-tools"
-    {{- include "commonLabels" $ | nindent 4}}
-data:
-  accesskey: {{ .accessKey | b64enc }}
-  secretkey: {{ .accessSecret | b64enc }}
-{{- end }}
-{{- end }}
-
----
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/mattermost/mattermost/secret-database.yaml b/chart/templates/mattermost/mattermost/secret-database.yaml
new file mode 100644
index 0000000000..3f8f1afa73
--- /dev/null
+++ b/chart/templates/mattermost/mattermost/secret-database.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.addons.mattermost.enabled }}
+{{- with .Values.addons.mattermost.database }}
+{{- if and .username .password .host .port .database }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: mattermost-database-secret
+  namespace: mattermost
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" $ | nindent 4}}
+stringData:
+  DB_CONNECTION_CHECK_URL: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode | default "disable" }}"
+  DB_CONNECTION_STRING: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode | default "disable" }}"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mattermost/mattermost/secret-objectstore.yaml b/chart/templates/mattermost/mattermost/secret-objectstore.yaml
new file mode 100644
index 0000000000..4ad85f2255
--- /dev/null
+++ b/chart/templates/mattermost/mattermost/secret-objectstore.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.addons.mattermost.enabled }}
+{{- with .Values.addons.mattermost.objectStorage }}
+{{- if and .endpoint .accessKey .accessSecret .bucket }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: "mattermost-objectstorage-secret"
+  namespace: mattermost
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" $ | nindent 4}}
+data:
+  accesskey: {{ .accessKey | b64enc }}
+  secretkey: {{ .accessSecret | b64enc }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/mattermost/operator/imagepullsecret.yaml b/chart/templates/mattermost/operator/imagepullsecret.yaml
new file mode 100644
index 0000000000..3e94f0272e
--- /dev/null
+++ b/chart/templates/mattermost/operator/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: mattermost-operator
+  labels:
+    app.kubernetes.io/name: mattermost-operator
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mattermost/operator/namespace.yaml b/chart/templates/mattermost/operator/namespace.yaml
index 44e30e4cbe..4707ae7bf3 100644
--- a/chart/templates/mattermost/operator/namespace.yaml
+++ b/chart/templates/mattermost/operator/namespace.yaml
@@ -8,19 +8,4 @@ metadata:
     app.kubernetes.io/name: mattermost-operator
     app.kubernetes.io/component: "collaboration-tools"
     {{- include "commonLabels" . | nindent 4}}
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: mattermost-operator
-  labels:
-    app.kubernetes.io/name: mattermost-operator
-    app.kubernetes.io/component: "collaboration-tools"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
diff --git a/chart/templates/minio/minio-operator/imagepullsecret.yaml b/chart/templates/minio/minio-operator/imagepullsecret.yaml
new file mode 100644
index 0000000000..3e94f0272e
--- /dev/null
+++ b/chart/templates/minio/minio-operator/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: mattermost-operator
+  labels:
+    app.kubernetes.io/name: mattermost-operator
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/minio/minio/imagepullsecret.yaml b/chart/templates/minio/minio/imagepullsecret.yaml
new file mode 100644
index 0000000000..f88a8d4b74
--- /dev/null
+++ b/chart/templates/minio/minio/imagepullsecret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.addons.minio.enabled }}
+{{- if (   include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: minio
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/minio/minio/namespace.yaml b/chart/templates/minio/minio/namespace.yaml
index fc1c96bd61..4d2e2ddbda 100644
--- a/chart/templates/minio/minio/namespace.yaml
+++ b/chart/templates/minio/minio/namespace.yaml
@@ -8,26 +8,4 @@ metadata:
     app.kubernetes.io/name: minio
     app.kubernetes.io/component: "application-utilities"
     {{- include "commonLabels" . | nindent 4}}
----
-{{- if (   include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: minio
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
----
-# probably want to get rid of this eventually
-apiVersion: v1
-kind: Secret
-metadata:
-  name: minio-root-creds-secret
-  namespace: minio
-type: Opaque
-data:
-  accesskey: {{ .Values.addons.minio.accesskey | default "minio" | b64enc }}
-  secretkey: {{ .Values.addons.minio.secretkey | default "minio123" | b64enc }}
 {{- end }}
diff --git a/chart/templates/minio/minio/secret.yaml b/chart/templates/minio/minio/secret.yaml
new file mode 100644
index 0000000000..059f199372
--- /dev/null
+++ b/chart/templates/minio/minio/secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.addons.minio.enabled }}
+# probably want to get rid of this eventually
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-root-creds-secret
+  namespace: minio
+type: Opaque
+data:
+  accesskey: {{ .Values.addons.minio.accesskey | default "minio" | b64enc }}
+  secretkey: {{ .Values.addons.minio.secretkey | default "minio123" | b64enc }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/monitoring/imagepullsecret.yaml b/chart/templates/monitoring/imagepullsecret.yaml
new file mode 100644
index 0000000000..1d65260b44
--- /dev/null
+++ b/chart/templates/monitoring/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.monitoring.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: monitoring
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/monitoring/namespace.yaml b/chart/templates/monitoring/namespace.yaml
index e4a13b500c..4b0d611768 100644
--- a/chart/templates/monitoring/namespace.yaml
+++ b/chart/templates/monitoring/namespace.yaml
@@ -7,19 +7,4 @@ metadata:
     app.kubernetes.io/name: monitoring
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: monitoring
-  labels:
-    app.kubernetes.io/name: monitoring
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/sonarqube/imagepullsecret.yaml b/chart/templates/sonarqube/imagepullsecret.yaml
new file mode 100644
index 0000000000..6732ac5474
--- /dev/null
+++ b/chart/templates/sonarqube/imagepullsecret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.addons.sonarqube.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: sonarqube
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/sonarqube/namespace.yaml b/chart/templates/sonarqube/namespace.yaml
index 97c0f54f81..fec7516c08 100644
--- a/chart/templates/sonarqube/namespace.yaml
+++ b/chart/templates/sonarqube/namespace.yaml
@@ -3,27 +3,4 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: sonarqube
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: sonarqube
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
----
-# create database secret
-{{- if and .Values.addons.sonarqube.database.host .Values.addons.sonarqube.database.username .Values.addons.sonarqube.database.password .Values.addons.sonarqube.database.database .Values.addons.sonarqube.database.port }}
-apiVersion: v1
-kind: Secret
-metadata:
-    name: sonarqube-db-secret
-    namespace: sonarqube
-type: kubernetes.io/opaque
-stringData:
-    postgresql-password: {{ .Values.addons.sonarqube.database.password }}
-{{- end }}
 {{- end }}
diff --git a/chart/templates/sonarqube/secret-database.yaml b/chart/templates/sonarqube/secret-database.yaml
new file mode 100644
index 0000000000..d05cf2b0e7
--- /dev/null
+++ b/chart/templates/sonarqube/secret-database.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.addons.sonarqube.enabled }}
+# create database secret
+{{- if and .Values.addons.sonarqube.database.host .Values.addons.sonarqube.database.username .Values.addons.sonarqube.database.password .Values.addons.sonarqube.database.database .Values.addons.sonarqube.database.port }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: sonarqube-db-secret
+    namespace: sonarqube
+type: kubernetes.io/opaque
+stringData:
+    postgresql-password: {{ .Values.addons.sonarqube.database.password }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/twistlock/imagepullsecret.yaml b/chart/templates/twistlock/imagepullsecret.yaml
new file mode 100644
index 0000000000..a35f89bb85
--- /dev/null
+++ b/chart/templates/twistlock/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.twistlock.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: twistlock
+  labels:
+    app.kubernetes.io/name: twistlock
+    app.kubernetes.io/component: "security"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/twistlock/namespace.yaml b/chart/templates/twistlock/namespace.yaml
index ea488c39ca..9b17da13fc 100644
--- a/chart/templates/twistlock/namespace.yaml
+++ b/chart/templates/twistlock/namespace.yaml
@@ -7,19 +7,4 @@ metadata:
     app.kubernetes.io/name: twistlock
     app.kubernetes.io/component: "security"
     {{- include "commonLabels" . | nindent 4}}
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: twistlock
-  labels:
-    app.kubernetes.io/name: twistlock
-    app.kubernetes.io/component: "security"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/velero/imagepullsecret.yaml b/chart/templates/velero/imagepullsecret.yaml
new file mode 100644
index 0000000000..ecf9e14baf
--- /dev/null
+++ b/chart/templates/velero/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.addons.velero.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: velero
+  labels:
+    app.kubernetes.io/name: velero
+    app.kubernetes.io/component: "cluster-utilities"
+    {{- include "commonLabels" . | nindent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/velero/namespace.yaml b/chart/templates/velero/namespace.yaml
index def8e437e6..bda84e6290 100644
--- a/chart/templates/velero/namespace.yaml
+++ b/chart/templates/velero/namespace.yaml
@@ -10,20 +10,4 @@ metadata:
     {{- if .Values.istio.enabled }}
     istio-injection: enabled
     {{- end }}
-
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: velero
-  labels:
-    app.kubernetes.io/name: velero
-    app.kubernetes.io/component: "cluster-utilities"
-    {{- include "commonLabels" . | nindent 4 }}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
-- 
GitLab