From 7b3bc5b408b42b2aff17c0216e4453efe7f89673 Mon Sep 17 00:00:00 2001 From: "Ehsan.Asadi" Date: Tue, 30 Dec 2025 16:52:21 +0330 Subject: [PATCH] feat(helm): add imagePullSecret template for private registry Changes: - Add templates/secret.yaml to automatically create docker-registry secret - Add imageCredentials config to values.yaml (disabled by default) - Enable imageCredentials in values-production.yaml - Auto-generates kubernetes.io/dockerconfigjson secret from username/password Usage in production: 1. Set credentials via ArgoCD values override: imageCredentials.username: imageCredentials.password: 2. Or use external-secrets operator to inject from vault The secret will be auto-created and referenced in imagePullSecrets. --- helm/peikarband/values-production.yaml | 18 ++++++++++-------- helm/peikarband/values.yaml | 11 ++++++++++- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/helm/peikarband/values-production.yaml b/helm/peikarband/values-production.yaml index 2a6aa1d..f47d03b 100644 --- a/helm/peikarband/values-production.yaml +++ b/helm/peikarband/values-production.yaml @@ -6,14 +6,16 @@ replicaCount: 1 image: pullPolicy: Always -# Note: If hub-registry-secret doesn't exist, create it with: -# kubectl create secret docker-registry hub-registry-secret \ -# --docker-server=hub.peikarband.ir \ -# --docker-username= \ -# --docker-password= \ -# -n peikarband -# Or disable imagePullSecrets in values.yaml if registry is public -imagePullSecrets: [] +# Docker registry credentials - automatically creates secret +imageCredentials: + create: true + name: hub-registry-secret + registry: hub.peikarband.ir + username: "" # TODO: Set via ArgoCD/Helm or external secret + password: "" # TODO: Set via ArgoCD/Helm or external secret + +imagePullSecrets: + - name: hub-registry-secret # Reflex configuration for production reflex: diff --git a/helm/peikarband/values.yaml b/helm/peikarband/values.yaml index e73b33b..864a300 100644 --- a/helm/peikarband/values.yaml +++ b/helm/peikarband/values.yaml @@ -9,7 +9,16 @@ image: tag: "latest" imagePullSecrets: [] - # - name: hub-registry-secret # Uncomment if using private registry + # - name: hub-registry-secret # Auto-created if imageCredentials.create is true + +# Docker registry credentials (for private registry) +imageCredentials: + create: false # Set to true to create imagePullSecret automatically + name: hub-registry-secret + registry: hub.peikarband.ir + username: "" # Set in values-production.yaml or via --set + password: "" # Set in values-production.yaml or via --set (use secrets manager in production!) + nameOverride: "" fullnameOverride: ""