feat: Enhance Image Handling and Add Private Registry Support in Vault Helm Chart #299
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JuryA
changed the title
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
2 tasks
There was a problem hiding this comment.
Pull Request Overview
This PR enhances image handling and adds support for private container registries in the Vault Helm chart by introducing new helper templates and configuration options. Key changes include:
- New helper templates for standardizing image rendering and generating image pull secret references in multiple manifests.
- Updates to Kubernetes manifests (statefulset, secret-cleanup, tests) to use these templates and support private registry configurations.
- Expanded configuration options in values.yaml and corresponding documentation updates in the README.
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| vault/values.yaml | Added new global and image-specific pull secret and registry options with expanded comments. |
| vault/templates/tests/test-vault-status.yaml | Updated test manifest to use new helper templates for image and pull secret handling. |
| vault/templates/statefulset.yaml | Revised container image and pull secret definitions to utilize new helper templates. |
| vault/templates/secret-cleanup.yaml | Modified image and pull secret configuration to leverage helper templates. |
| vault/templates/_images.tpl | Introduced helper templates to build image names, versions, and pull secret renderings. |
| vault/templates/_helpers.tpl | Added a new template for rendering Docker image pull secrets dynamically. |
| vault/README.md | Updated configuration table to include new parameters and adjust parameter ordering. |
Comments suppressed due to low confidence (2)
vault/values.yaml:9
- Consider expanding the comments for 'imagePullSecrets' (and similarly for 'imageRegistry') with a clear example usage to help users understand the expected format and use cases.
imagePullSecrets: []
vault/README.md:146
- [nitpick] Ensure that the descriptions in the README clearly differentiate between global image pull secret configuration and image-level pull secret settings, and provide guidance on how they interact.
| `global.imagePullSecrets` | list | `[]` | Specify image pull secrets to use for pulling images from private registries |
|
@sagikazarmark Have you had a chance to review my code request? Thank you! 😎 |
csatib02
added
the
kind/enhancement
…l configuration Signed-off-by: Jiří Altman <[email protected]>
… global configuration Signed-off-by: Jiří Altman <[email protected]>
…age.registry`) for Vault, unsealer, secret-cleanup Job, and StatsD exporter Signed-off-by: Jiří Altman <[email protected]>
…d (`image.pullSecrets`) for Vault, unsealer, secret-cleanup Job, and StatsD exporter Signed-off-by: Jiří Altman <[email protected]>
…l secrets handling - compatible s Bitnami's common `_image.tpl` Signed-off-by: Jiří Altman <[email protected]>
Signed-off-by: Jiří Altman <[email protected]>
…t, and test-vault-status templates Signed-off-by: Jiří Altman <[email protected]>
…lized image function Signed-off-by: Jiří Altman <[email protected]>
Co-authored-by: Copilot <[email protected]> Signed-off-by: Jiří Altman <[email protected]>
- Add new parameters for affinity, certManager, extra containers, image pull secrets, and more. - Enhance documentation for better clarity on configuration options. Signed-off-by: Jiří Altman <[email protected]>
|
@sagikazarmark Could you please prioritise reviewing this? It has already passed the initial classification, but I've been waiting for feedback for some time. I'm about to leave on an extended trip without computer access, so I'd really appreciate it if we could get this finalised beforehand. Otherwise, it risks getting stuck indefinitely, which I'd like to avoid. /cc @csatib02 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This pull request introduces significant updates to the Vault Helm chart, focusing on enhancing image handling, improving configuration flexibility, and adding support for private registries. The most important changes include the addition of helper templates for consistent image rendering, updates to YAML files to support
imagePullSecrets, and new configuration options invalues.yamlfor global settings.Enhancements to image handling:
vault/templates/_images.tpl: Added helper templates (vault.images.image,vault.images.renderPullSecrets, andvault.images.version) to standardize Docker image rendering, including handling tags, digests, and registry secrets.vault/templates/_helpers.tpl: Introduced thevault.imagePullSecretstemplate to dynamically generate Docker registry secret names.Updates to Kubernetes manifests:
vault/templates/statefulset.yaml: Updated container image definitions to use the newvault.images.imagehelper and addedimagePullSecretsfor private registry support. [1] [2] [3] [4]vault/templates/secret-cleanup.yaml: Modified thespecto usevault.images.imagefor image rendering and addedimagePullSecrets.vault/templates/tests/test-vault-status.yaml: Updated test container image definitions to usevault.images.imageand includedimagePullSecrets.Configuration improvements:
vault/values.yaml: Added global configuration options forimagePullSecretsandimageRegistry, enabling better support for private registries and overriding registry settings.These changes collectively improve the flexibility, maintainability, and compatibility of the Vault Helm chart, especially in environments requiring private registry support.
Fixes #275 (partly)
Notes for reviewer
Signed-off-by: Jiří Altman [email protected]