From 5aae7430537ffbf9d670f4703f1c034f8f45ba5c Mon Sep 17 00:00:00 2001
From: pmarkiewka <52416468+pmarkiewka@users.noreply.github.com>
Date: Wed, 11 Aug 2021 08:45:20 +0200
Subject: [PATCH] Adds pullSecret option and simplifies image usage (#1765)

Adds a value field to set a Secret to pull the image from an image registry with authentication, in case you need to host the image yourself and your registry has authentication.

To simplify the configuration we set the initContainers to use the same image as the application itself.
This has the following advantages:
- No additional configuration for image and pull Secret in values needed
- The used image is always up-to-date now. No need to maintain an extra alpine image.
- Faster startup times. No extra images have to be pulled.

Signed-off-by: pmarkiewka <philipp.markiewka@cloudogu.com>
---
 .../src/main/chart/templates/deployment.yaml     | 16 ++++++++++++----
 scm-packaging/helm/src/main/chart/values.yaml    |  2 ++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/scm-packaging/helm/src/main/chart/templates/deployment.yaml b/scm-packaging/helm/src/main/chart/templates/deployment.yaml
index c3d97577b0..e9b00aca70 100644
--- a/scm-packaging/helm/src/main/chart/templates/deployment.yaml
+++ b/scm-packaging/helm/src/main/chart/templates/deployment.yaml
@@ -45,19 +45,27 @@ spec:
         app: {{ include "scm-manager.name" . }}
         release: {{ .Release.Name }}
     spec:
+      {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
+        - name: {{ .Values.image.pullSecret }}
+      {{- end }}
       initContainers:
       - name: volume-permissions
-        image: alpine:3.8
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: IfNotPresent
         command: ['sh', '-c', 'chown 1000:1000 /data']
+        securityContext:
+          runAsUser: 0
         volumeMounts:
         - name: data
           mountPath: /data
       {{- if .Values.plugins }}
       - name: install-plugins
-        image: alpine:3.8
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: IfNotPresent
         command: ['sh', '/scripts/install-plugins.sh']
+        securityContext:
+          runAsUser: 0
         volumeMounts:
         - name: data
           mountPath: /data
@@ -113,11 +121,11 @@ spec:
         emptyDir: {}
       {{- end }}
       - name: config
-        configMap: 
+        configMap:
           name: {{ include "scm-manager.fullname" . }}
       {{- if .Values.plugins }}
       - name: scripts
-        configMap: 
+        configMap:
           name: {{ include "scm-manager.fullname" . }}-scripts
       {{- end }}
       {{- with .Values.extraVolumes }}
diff --git a/scm-packaging/helm/src/main/chart/values.yaml b/scm-packaging/helm/src/main/chart/values.yaml
index 5bad6f9471..99d8af95ca 100644
--- a/scm-packaging/helm/src/main/chart/values.yaml
+++ b/scm-packaging/helm/src/main/chart/values.yaml
@@ -33,6 +33,8 @@ image:
   tag: ${dockerTag}
   # image.pullPolicy -- SCM-Manager image pull policy
   pullPolicy: IfNotPresent
+  # image.pullSecret -- Secret with credentials for the image registry
+  # pullSecret: registry-credentials
 
 # nameOverride -- Override the resource name prefix
 nameOverride: ""