Breakout secrets into individual files

chart/templates/anchore/imagepullsecret.yaml

+{{- if .Values.addons.anchore.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: anchore
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/anchore/namespace.yaml

@@ -5,16 +5,4 @@ metadata:
   labels:
     app: {{ .Release.Name }}-anchore
   name: anchore
-
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: anchore
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file

chart/templates/argocd/imagepullsecret.yaml

+{{- if .Values.addons.argocd.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: argocd
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}

chart/templates/argocd/namespace.yaml

@@ -7,16 +7,4 @@ metadata:
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
   name: argocd
-
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: argocd
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}

chart/templates/authservice/imagepullsecret.yaml

+{{- if and .Values.istio.enabled ( or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled ) }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: authservice
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/authservice/namespace.yaml

@@ -7,17 +7,4 @@ metadata:
   labels:
     istio-injection: enabled
   {{- end }}
-
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: authservice
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
-
 {{- end }}
\ No newline at end of file

chart/templates/gatekeeper/imagepullsecret.yaml

+{{- if or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: gatekeeper-system
+  labels:
+    app.kubernetes.io/name: gatekeeper
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/gatekeeper/namespace.yaml

@@ -10,20 +10,4 @@ metadata:
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
   name: gatekeeper-system
-
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: gatekeeper-system
-  labels:
-    app.kubernetes.io/name: gatekeeper
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file

chart/templates/gitlab/imagepullsecret.yaml

+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: gitlab
+  labels:
+    app.kubernetes.io/name: gitlab
+    app.kubernetes.io/component: "developer-tools"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/gitlab/namespace.yaml

@@ -7,114 +7,4 @@ metadata:
     app.kubernetes.io/component: "developer-tools"
     {{- include "commonLabels" . | nindent 4}}
   name: gitlab
----
-{{- if ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: gitlab
-  labels:
-    app.kubernetes.io/name: gitlab
-    app.kubernetes.io/component: "developer-tools"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
----
-{{- end }}
-{{- if .Values.addons.gitlab.enabled }}
-# create sso secret. The assumption is OIDC
-{{- if .Values.addons.gitlab.sso.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gitlab-sso-provider
-  namespace: gitlab
-type: kubernetes.io/opaque
-stringData:
-  gitlab-sso.json: |-
-    {
-      "name": "openid_connect",
-      "label": "{{ .Values.addons.gitlab.sso.label }}",
-      "args": {
-        "name": "openid_connect",
-        "scope": [
-          "Gitlab"
-        ],
-        "response_type": "code",
-        "issuer": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}",
-        "client_auth_method": "query",
-        "discovery": true,
-        "uid_field": "preferred_username",
-        "client_options": {
-          "identifier": "{{ .Values.addons.gitlab.sso.client_id | default .Values.sso.client_id }}",
-          "secret": "{{ .Values.addons.gitlab.sso.client_secret | default .Values.sso.client_secret }}",
-          "redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}/users/auth/openid_connect/callback",
-          "end_session_endpoint": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout"
-        }
-      }
-    }
-{{- end }}
----
-# create database secret
-{{- if .Values.addons.gitlab.database.host }}
-apiVersion: v1
-kind: Secret
-metadata:
-    name: gitlab-database
-    namespace: gitlab
-type: kubernetes.io/opaque
-stringData:
-    PGPASSWORD: {{ .Values.addons.gitlab.database.password }}
-{{- end }}
----
-# create object storage secret
-{{- if .Values.addons.gitlab.objectStorage.endpoint }}
-apiVersion: v1
-kind: Secret
-metadata:
-    name: gitlab-object-storage
-    namespace: gitlab
-type: kubernetes.io/opaque
-stringData:
-    rails: |-
-      provider: AWS
-      region: {{ .Values.addons.gitlab.objectStorage.region }}
-      aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
-      aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
-      {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
-      aws_signature_version: 4
-      host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
-      endpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
-      path_style: true
-      {{- end }}
-    registry: |-
-      s3:
-        {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
-        bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
-        {{- else }}
-        bucket: gitlab-registry
-        {{- end }}
-        accesskey: {{ .Values.addons.gitlab.objectStorage.accessKey }}
-        secretkey: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
-        region: {{ .Values.addons.gitlab.objectStorage.region }}
-        {{- if eq .Values.addons.gitlab.objectStorage.type "s3" }}
-        v4auth: true
-        {{- end }}
-        {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
-        aws_signature_version: 4
-        host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
-        regionendpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
-        path_style: true
-        {{- end }}
-    backups: |-
-      [default]
-      access_key = {{ .Values.addons.gitlab.objectStorage.accessKey }}
-      secret_key = {{ .Values.addons.gitlab.objectStorage.accessSecret }}
-      bucket_location = {{ .Values.addons.gitlab.objectStorage.region }}
-      host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectStorage.endpoint "" }}
-{{- end }}
-
 {{- end }}
\ No newline at end of file

chart/templates/gitlab/secret-database.yaml

+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if .Values.addons.gitlab.database.host }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitlab-database
+    namespace: gitlab
+type: kubernetes.io/opaque
+stringData:
+    PGPASSWORD: {{ .Values.addons.gitlab.database.password }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/gitlab/secret-objectstore.yaml

+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if .Values.addons.gitlab.objectStorage.endpoint }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitlab-object-storage
+    namespace: gitlab
+type: kubernetes.io/opaque
+stringData:
+    rails: |-
+      provider: AWS
+      region: {{ .Values.addons.gitlab.objectStorage.region }}
+      aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
+      aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
+      aws_signature_version: 4
+      host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
+      endpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
+      path_style: true
+      {{- end }}
+    registry: |-
+      s3:
+        {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+        bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
+        {{- else }}
+        bucket: gitlab-registry
+        {{- end }}
+        accesskey: {{ .Values.addons.gitlab.objectStorage.accessKey }}
+        secretkey: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+        region: {{ .Values.addons.gitlab.objectStorage.region }}
+        {{- if eq .Values.addons.gitlab.objectStorage.type "s3" }}
+        v4auth: true
+        {{- end }}
+        {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
+        aws_signature_version: 4
+        host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
+        regionendpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
+        path_style: true
+        {{- end }}
+    backups: |-
+      [default]
+      access_key = {{ .Values.addons.gitlab.objectStorage.accessKey }}
+      secret_key = {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      bucket_location = {{ .Values.addons.gitlab.objectStorage.region }}
+      host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectStorage.endpoint "" }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/gitlab/secret-sso.yaml

+{{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
+{{- if .Values.addons.gitlab.sso.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitlab-sso-provider
+  namespace: gitlab
+type: kubernetes.io/opaque
+stringData:
+  gitlab-sso.json: |-
+    {
+      "name": "openid_connect",
+      "label": "{{ .Values.addons.gitlab.sso.label }}",
+      "args": {
+        "name": "openid_connect",
+        "scope": [
+          "Gitlab"
+        ],
+        "response_type": "code",
+        "issuer": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}",
+        "client_auth_method": "query",
+        "discovery": true,
+        "uid_field": "preferred_username",
+        "client_options": {
+          "identifier": "{{ .Values.addons.gitlab.sso.client_id | default .Values.sso.client_id }}",
+          "secret": "{{ .Values.addons.gitlab.sso.client_secret | default .Values.sso.client_secret }}",
+          "redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}/users/auth/openid_connect/callback",
+          "end_session_endpoint": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout"
+        }
+      }
+    }
+{{- end }}
+{{- end}}
\ No newline at end of file

chart/templates/istio/controlplane/imagepullsecret-kubesystem.yaml

+{{- if .Values.istio.enabled }}
+{{- if and .Values.openshift ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: kube-system
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/istio/controlplane/imagepullsecret.yaml

+{{- if .Values.istio.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: istio-system
+  labels:
+    app.kubernetes.io/name: istio-controlplane
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/istio/controlplane/namespace.yaml

@@ -7,46 +7,4 @@ metadata:
     app.kubernetes.io/name: istio-controlplane
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: istio-system
-  labels:
-    app.kubernetes.io/name: istio-controlplane
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- if .Values.openshift }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: kube-system
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
-{{- end }}
----
-{{- if and .Values.istio.ingress.key .Values.istio.ingress.cert }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: wildcard-cert
-  namespace: istio-system
-  labels:
-    app.kubernetes.io/name: istio-controlplane
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/tls
-data:
-  tls.crt: {{ .Values.istio.ingress.cert | b64enc }}
-  tls.key: {{ .Values.istio.ingress.key | b64enc}}
-{{- end }}
 {{- end }}
\ No newline at end of file

chart/templates/istio/controlplane/secret-tls.yaml

+{{- if and .Values.istio.enabled  (and .Values.istio.ingress.key .Values.istio.ingress.cert ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wildcard-cert
+  namespace: istio-system
+  labels:
+    app.kubernetes.io/name: istio-controlplane
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.istio.ingress.cert | b64enc }}
+  tls.key: {{ .Values.istio.ingress.key | b64enc}}
+{{- end }}
\ No newline at end of file

chart/templates/istio/controlplane/values.yaml

@@ -12,5 +12,4 @@ imagePullSecrets:
   - private-registry
 
 openshift: {{ .Values.openshift }}
-
 {{- end -}}

chart/templates/istio/operator/imagepullsecret.yaml

+{{- if and .Values.istiooperator.enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: istio-operator
+  labels:
+    app.kubernetes.io/name: istio-operator
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file

chart/templates/istio/operator/namespace.yaml

@@ -9,19 +9,4 @@ metadata:
     app.kubernetes.io/name: istio-operator
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
-{{- if ( include "imagePullSecret" . ) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: istio-operator
-  labels:
-    app.kubernetes.io/name: istio-operator
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
 {{- end }}
\ No newline at end of file