Add --insecure-registries flag (#583)

```sh > helm template charts/kubedb-provisioner \ --set insecureRegistries[0]=harbor.example.com \ --set insecureRegistries[1]=hub.example.com > helm template charts/kubedb \ --set global.insecureRegistries[0]=hub.example.com \ --set global.insecureRegistries[1]=hub2.example.com \ --set kubedb-provisioner.insecureRegistries[0]=harbor.example.com ``` Signed-off-by: Tamal Saha <tamal@appscode.com>
kubedb · Jan 16, 2023 · a070531 · a070531
1 parent 321c372
commit a070531
Show file tree

Hide file tree

Showing 29 changed files with 126 additions and 29 deletions.
diff --git a/apis/installer/v1alpha1/kubedb_ops_manager_types.go b/apis/installer/v1alpha1/kubedb_ops_manager_types.go
@@ -44,11 +44,12 @@ type KubedbOpsManagerSpec struct {
 	//+optional
 	NameOverride string `json:"nameOverride"`
 	//+optional
-	FullnameOverride string    `json:"fullnameOverride"`
-	ReplicaCount     int32     `json:"replicaCount"`
-	RegistryFQDN     string    `json:"registryFQDN"`
-	Operator         Container `json:"operator"`
-	ImagePullPolicy  string    `json:"imagePullPolicy"`
+	FullnameOverride   string    `json:"fullnameOverride"`
+	ReplicaCount       int32     `json:"replicaCount"`
+	RegistryFQDN       string    `json:"registryFQDN"`
+	InsecureRegistries []string  `json:"insecureRegistries"`
+	Operator           Container `json:"operator"`
+	ImagePullPolicy    string    `json:"imagePullPolicy"`
 	//+optional
 	ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets"`
 	// +optional

diff --git a/apis/installer/v1alpha1/kubedb_provisioner_types.go b/apis/installer/v1alpha1/kubedb_provisioner_types.go
@@ -44,11 +44,12 @@ type KubedbProvisionerSpec struct {
 	//+optional
 	NameOverride string `json:"nameOverride"`
 	//+optional
-	FullnameOverride string    `json:"fullnameOverride"`
-	ReplicaCount     int32     `json:"replicaCount"`
-	RegistryFQDN     string    `json:"registryFQDN"`
-	Operator         Container `json:"operator"`
-	ImagePullPolicy  string    `json:"imagePullPolicy"`
+	FullnameOverride   string    `json:"fullnameOverride"`
+	ReplicaCount       int32     `json:"replicaCount"`
+	RegistryFQDN       string    `json:"registryFQDN"`
+	InsecureRegistries []string  `json:"insecureRegistries"`
+	Operator           Container `json:"operator"`
+	ImagePullPolicy    string    `json:"imagePullPolicy"`
 	//+optional
 	ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets"`
 	// +optional

diff --git a/apis/installer/v1alpha1/kubedb_types.go b/apis/installer/v1alpha1/kubedb_types.go
@@ -108,9 +108,10 @@ type KubedbMetricsValues struct {
 }
 
 type GlobalValues struct {
-	License      string `json:"license"`
-	Registry     string `json:"registry"`
-	RegistryFQDN string `json:"registryFQDN"`
+	License            string   `json:"license"`
+	Registry           string   `json:"registry"`
+	RegistryFQDN       string   `json:"registryFQDN"`
+	InsecureRegistries []string `json:"insecureRegistries"`
 	//+optional
 	ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets"`
 	Monitoring       EASMonitoring               `json:"monitoring"`

diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/kubedb-autoscaler/templates/_helpers.tpl b/charts/kubedb-autoscaler/templates/_helpers.tpl
@@ -76,7 +76,7 @@ Returns the registry used for operator docker image
 {{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }}
 {{- end }}
 
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}

diff --git a/charts/kubedb-autoscaler/templates/deployment.yaml b/charts/kubedb-autoscaler/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+      {{- include "docker.imagePullSecrets" . | nindent 6 }}
       serviceAccountName: {{ include "kubedb-autoscaler.serviceAccountName" . }}
       containers:
       - name: operator

diff --git a/charts/kubedb-dashboard/templates/_helpers.tpl b/charts/kubedb-dashboard/templates/_helpers.tpl
@@ -76,7 +76,7 @@ Returns the registry used for operator docker image
 {{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }}
 {{- end }}
 
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}

diff --git a/charts/kubedb-dashboard/templates/deployment.yaml b/charts/kubedb-dashboard/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+      {{- include "docker.imagePullSecrets" . | nindent 6 }}
       serviceAccountName: {{ include "kubedb-dashboard.serviceAccountName" . }}
       containers:
       - name: operator

diff --git a/charts/kubedb-ops-manager/README.md b/charts/kubedb-ops-manager/README.md
@@ -52,6 +52,7 @@ The following table lists the configurable parameters of the `kubedb-ops-manager
 | replicaCount                                                     | Number of KubeDB operator replicas to create (only 1 is supported)                                                                                                                                                                                                                                                                                                                                                        | <code>1</code>                            |
 | license                                                          | License for the product. Get a license by following the steps from [here](https://stash.run/docs/latest/setup/install/enterprise#get-a-trial-license). <br> Example: <br> `helm install appscode/kubedb-ops-manager \` <br> `--set-file license=/path/to/license/file` <br> `or` <br> `helm install appscode/kubedb-ops-manager \` <br> `--set license=<license file content>`                                            | <code>""</code>                           |
 | registryFQDN                                                     | Docker registry fqdn used to pull KubeDB related images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}                                                                                                                                                                                                                                                                                    | <code>ghcr.io</code>                      |
+| insecureRegistries                                               | Specify an array of insecure registries. <br> Example: <br> `helm template charts/kubedb-ops-manager \` <br> `--set insecureRegistries[0]=hub.company.com \` <br> `--set insecureRegistries[1]=reg.example.com`                                                                                                                                                                                                           | <code>[]</code>                           |
 | operator.registry                                                | Docker registry used to pull KubeDB ops manager image                                                                                                                                                                                                                                                                                                                                                                     | <code>kubedb</code>                       |
 | operator.repository                                              | KubeDB ops manager container image                                                                                                                                                                                                                                                                                                                                                                                        | <code>kubedb-ops-manager</code>           |
 | operator.tag                                                     | KubeDB ops manager container image tag                                                                                                                                                                                                                                                                                                                                                                                    | <code>""</code>                           |

diff --git a/charts/kubedb-ops-manager/templates/_helpers.tpl b/charts/kubedb-ops-manager/templates/_helpers.tpl
@@ -76,13 +76,22 @@ Returns the registry used for operator docker image
 {{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }}
 {{- end }}
 
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end }}
 
+{{/*
+Returns the --insecure-registries flags
+*/}}
+{{- define "docker.insecureRegistries" -}}
+{{- range (.Values.insecureRegistries | uniq | sortAlpha) }}
+- --insecure-registries={{.}}
+{{- end }}
+{{- end }}
+
 {{/*
 Returns the enabled monitoring agent name
 */}}

diff --git a/charts/kubedb-ops-manager/templates/deployment.yaml b/charts/kubedb-ops-manager/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+      {{- include "docker.imagePullSecrets" . | nindent 6 }}
       serviceAccountName: {{ include "kubedb-ops-manager.serviceAccountName" . }}
       containers:
       - name: operator
@@ -50,6 +50,7 @@ spec:
         - --gen-rotate-tls-recommendation-before-expiry-month={{ .genRotateTLSRecommendationBeforeExpiryMonth }}
         - --gen-rotate-tls-recommendation-before-expiry-day={{ .genRotateTLSRecommendationBeforeExpiryDay }}
         {{- end }}
+        {{ include "docker.insecureRegistries" .  | nindent 8 }}
         {{- if include "appscode.license" . }}
         - --license-file=/var/run/secrets/appscode/license/key.txt
         {{- end }}

diff --git a/charts/kubedb-ops-manager/values.openapiv3_schema.yaml b/charts/kubedb-ops-manager/values.openapiv3_schema.yaml
@@ -789,6 +789,10 @@ properties:
       type: object
       x-kubernetes-map-type: atomic
     type: array
+  insecureRegistries:
+    items:
+      type: string
+    type: array
   license:
     type: string
   logLevel:
@@ -1237,6 +1241,7 @@ properties:
 required:
 - apiserver
 - imagePullPolicy
+- insecureRegistries
 - monitoring
 - operator
 - registryFQDN

diff --git a/charts/kubedb-ops-manager/values.yaml b/charts/kubedb-ops-manager/values.yaml
@@ -21,6 +21,13 @@ license: ""
 # Docker registry fqdn used to pull KubeDB related images
 # Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
 registryFQDN: ghcr.io
+# Specify an array of insecure registries.
+#
+# Example:
+# helm template charts/kubedb-ops-manager \
+#   --set insecureRegistries[0]=hub.company.com \
+#   --set insecureRegistries[1]=reg.example.com
+insecureRegistries: []
 # Docker registry containing KubeDB images
 operator:
   # Docker registry used to pull KubeDB ops manager image

diff --git a/charts/kubedb-opscenter/templates/_helpers.tpl b/charts/kubedb-opscenter/templates/_helpers.tpl
@@ -78,7 +78,7 @@ Returns the registry used for image docker image
 {{/*
 Returns the appscode image pull secrets
 */}}
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.global.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}

diff --git a/charts/kubedb-provisioner/README.md b/charts/kubedb-provisioner/README.md
@@ -52,6 +52,7 @@ The following table lists the configurable parameters of the `kubedb-provisioner
 | replicaCount                         | Number of KubeDB operator replicas to create (only 1 is supported)                                                                                                                                                                                                                                                                                                              | <code>1</code>                            |
 | license                              | License for the product. Get a license by following the steps from [here](https://kubedb.run/docs/latest/setup/install/enterprise#get-a-trial-license). <br> Example: <br> `helm install appscode/kubedb-ops-manager \` <br> `--set-file license=/path/to/license/file` <br> `or` <br> `helm install appscode/kubedb-ops-manager \` <br> `--set license=<license file content>` | <code>""</code>                           |
 | registryFQDN                         | Docker registry fqdn used to pull KubeDB related images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}                                                                                                                                                                                                                                          | <code>ghcr.io</code>                      |
+| insecureRegistries                   | Specify an array of insecure registries. <br> Example: <br> `helm template charts/kubedb-ops-manager \` <br> `--set insecureRegistries[0]=hub.company.com \` <br> `--set insecureRegistries[1]=reg.example.com`                                                                                                                                                                 | <code>[]</code>                           |
 | operator.registry                    | Docker registry used to pull KubeDB operator image                                                                                                                                                                                                                                                                                                                              | <code>kubedb</code>                       |
 | operator.repository                  | KubeDB operator container image                                                                                                                                                                                                                                                                                                                                                 | <code>kubedb-provisioner</code>           |
 | operator.tag                         | KubeDB operator container image tag                                                                                                                                                                                                                                                                                                                                             | <code>""</code>                           |

diff --git a/charts/kubedb-provisioner/templates/_helpers.tpl b/charts/kubedb-provisioner/templates/_helpers.tpl
@@ -76,13 +76,22 @@ Returns the registry used for operator docker image
 {{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }}
 {{- end }}
 
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end }}
 
+{{/*
+Returns the --insecure-registries flags
+*/}}
+{{- define "docker.insecureRegistries" -}}
+{{- range (.Values.insecureRegistries | uniq | sortAlpha) }}
+- --insecure-registries={{.}}
+{{- end }}
+{{- end }}
+
 {{/*
 Returns the enabled monitoring agent name
 */}}

diff --git a/charts/kubedb-provisioner/templates/deployment.yaml b/charts/kubedb-provisioner/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+      {{- include "docker.imagePullSecrets" . | nindent 6 }}
       serviceAccountName: {{ include "kubedb-provisioner.serviceAccountName" . }}
       containers:
       - name: operator
@@ -44,6 +44,7 @@ spec:
         - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }}
         - --metrics-bind-address=:{{ .Values.monitoring.bindPort }}
         - --health-probe-bind-address=:{{ .Values.apiserver.healthcheck.probePort }}
+        {{ include "docker.insecureRegistries" .  | nindent 8 }}
         {{- if include "appscode.license" . }}
         - --license-file=/var/run/secrets/appscode/license/key.txt
         {{- end }}

diff --git a/charts/kubedb-provisioner/values.openapiv3_schema.yaml b/charts/kubedb-provisioner/values.openapiv3_schema.yaml
@@ -795,6 +795,10 @@ properties:
       type: object
       x-kubernetes-map-type: atomic
     type: array
+  insecureRegistries:
+    items:
+      type: string
+    type: array
   license:
     type: string
   logLevel:
@@ -1227,6 +1231,7 @@ properties:
 required:
 - apiserver
 - imagePullPolicy
+- insecureRegistries
 - monitoring
 - operator
 - registryFQDN

diff --git a/charts/kubedb-provisioner/values.yaml b/charts/kubedb-provisioner/values.yaml
@@ -21,6 +21,13 @@ license: ""
 # Docker registry fqdn used to pull KubeDB related images
 # Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
 registryFQDN: ghcr.io
+# Specify an array of insecure registries.
+#
+# Example:
+# helm template charts/kubedb-ops-manager \
+#   --set insecureRegistries[0]=hub.company.com \
+#   --set insecureRegistries[1]=reg.example.com
+insecureRegistries: []
 # Docker registry containing KubeDB images
 operator:
   # Docker registry used to pull KubeDB operator image

diff --git a/charts/kubedb-schema-manager/templates/_helpers.tpl b/charts/kubedb-schema-manager/templates/_helpers.tpl
@@ -76,7 +76,7 @@ Returns the registry used for operator docker image
 {{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }}
 {{- end }}
 
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}

diff --git a/charts/kubedb-schema-manager/templates/deployment.yaml b/charts/kubedb-schema-manager/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+      {{- include "docker.imagePullSecrets" . | nindent 6 }}
       serviceAccountName: {{ include "kubedb-schema-manager.serviceAccountName" . }}
       containers:
       - name: operator

diff --git a/charts/kubedb-ui-server/templates/_helpers.tpl b/charts/kubedb-ui-server/templates/_helpers.tpl
@@ -69,7 +69,7 @@ Returns the registry used for image docker image
 {{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }}
 {{- end }}
 
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}

diff --git a/charts/kubedb-ui-server/templates/deployment.yaml b/charts/kubedb-ui-server/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+      {{- include "docker.imagePullSecrets" . | nindent 6 }}
       serviceAccountName: {{ include "kubedb-ui-server.serviceAccountName" . }}
       containers:
       - name: server

diff --git a/charts/kubedb-webhook-server/templates/_helpers.tpl b/charts/kubedb-webhook-server/templates/_helpers.tpl
@@ -76,7 +76,7 @@ Returns the registry used for operator docker image
 {{- list .Values.registryFQDN .Values.server.registry | compact | join "/" }}
 {{- end }}
 
-{{- define "appscode.imagePullSecrets" -}}
+{{- define "docker.imagePullSecrets" -}}
 {{- with .Values.imagePullSecrets -}}
 imagePullSecrets:
 {{- toYaml . | nindent 2 }}

diff --git a/charts/kubedb-webhook-server/templates/deployment.yaml b/charts/kubedb-webhook-server/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+      {{- include "docker.imagePullSecrets" . | nindent 6 }}
       serviceAccountName: {{ include "kubedb-webhook-server.serviceAccountName" . }}
       containers:
       - name: operator