ehsan-minadd/peikarband
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(helm): add imagePullSecret template for private registry
Some checks failed
CD - Build & Deploy / build-and-push (push) Has been cancelled
Details
CD - Build & Deploy / package-helm (push) Has been cancelled
Details
CD - Build & Deploy / deploy-staging (push) Has been cancelled
Details
CD - Build & Deploy / deploy-production (push) Has been cancelled
Details
CD - Build & Deploy / release (push) Has been cancelled
Details
CI / security (push) Has been cancelled
Details
CI / test (3.11) (push) Has been cancelled
Details
ci/woodpecker/push/woodpecker Pipeline failed
Details
CI / test (3.12) (push) Has been cancelled
Details

Browse Source 
Changes:
- Add templates/secret.yaml to automatically create docker-registry secret
- Add imageCredentials config to values.yaml (disabled by default)
- Enable imageCredentials in values-production.yaml
- Auto-generates kubernetes.io/dockerconfigjson secret from username/password

Usage in production:
1. Set credentials via ArgoCD values override:
   imageCredentials.username: <from-secret>
   imageCredentials.password: <from-secret>

2. Or use external-secrets operator to inject from vault

The secret will be auto-created and referenced in imagePullSecrets.
This commit is contained in:
Ehsan.Asadi
2025-12-30 16:52:21 +03:30
parent 669a065ee0
commit 7b3bc5b408
2 changed files with 20 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
helm/peikarband/values-production.yaml
View File

@@ -6,14 +6,16 @@ replicaCount: 1
image: image:
pullPolicy: Always pullPolicy: Always
# Note: If hub-registry-secret doesn't exist, create it with: # Docker registry credentials - automatically creates secret
# kubectl create secret docker-registry hub-registry-secret \ imageCredentials:
# --docker-server=hub.peikarband.ir \ create: true
# --docker-username=<username> \ name: hub-registry-secret
# --docker-password=<password> \ registry: hub.peikarband.ir
# -n peikarband username: "" # TODO: Set via ArgoCD/Helm or external secret
# Or disable imagePullSecrets in values.yaml if registry is public password: "" # TODO: Set via ArgoCD/Helm or external secret
imagePullSecrets: []
imagePullSecrets:
- name: hub-registry-secret
# Reflex configuration for production # Reflex configuration for production
reflex: reflex:

11
helm/peikarband/values.yaml
View File

@@ -9,7 +9,16 @@ image:
tag: "latest" tag: "latest"
imagePullSecrets: [] imagePullSecrets: []
# - name: hub-registry-secret # Uncomment if using private registry # - name: hub-registry-secret # Auto-created if imageCredentials.create is true
# Docker registry credentials (for private registry)
imageCredentials:
create: false # Set to true to create imagePullSecret automatically
name: hub-registry-secret
registry: hub.peikarband.ir
username: "" # Set in values-production.yaml or via --set
password: "" # Set in values-production.yaml or via --set (use secrets manager in production!)
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""