Use Swarm default registry creds (manage-images) and configurations.yml placeholders

Made-with: Cursor
2026-03-20 10:22:05 +01:00
parent 4ef10ffc20
commit e2d50d8d16
5 changed files with 59 additions and 28 deletions
--- a/gitops/charts/onelab/templates/_helpers.tpl
+++ b/gitops/charts/onelab/templates/_helpers.tpl
@@ -23,3 +23,11 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}

+{{- define "onelab.dockerconfigjson" -}}
+{{- $server := .Values.registry.server -}}
+{{- $user := .Values.registry.username -}}
+{{- $pass := .Values.registry.password -}}
+{{- $auth := printf "%s:%s" $user $pass | b64enc -}}
+{{- $entry := dict "username" $user "password" $pass "auth" $auth -}}
+{{- dict "auths" (dict $server $entry) | toJson -}}
+{{- end }}
--- a/gitops/charts/onelab/templates/secret-registry.yaml
+++ b/gitops/charts/onelab/templates/secret-registry.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.registry.createPullSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.registry.pullSecretName }}
+  labels:
+    {{- include "onelab.labels" . | nindent 4 }}
+  annotations:
+    argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.registry | quote }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "onelab.dockerconfigjson" . | b64enc }}
+{{- end }}
--- a/gitops/charts/onelab/values.yaml
+++ b/gitops/charts/onelab/values.yaml
@@ -18,6 +18,14 @@ images:
 imagePullSecrets: []
 # - name: hub-andrewalliance

+# Same defaults as app/playbooks/tasks/manage-images.yml (docker login before pull).
+registry:
+  createPullSecret: false
+  pullSecretName: hub-andrewalliance
+  server: hub.andrewalliance.com
+  username: public
+  password: Andrew01..Release
+
 # hostPath: matches typical single-node Swarm-style install (shared /data and /logs).
 # Use persistence.mode: pvc + a ReadWriteMany class for multi-node shared storage.
 persistence:
@@ -33,7 +41,7 @@ persistence:

 postgresql:
  auth:
-    password: "changeme-use-strong-password"
+    password: "DBPasswordPlaceholder"
  resources: {}

 redis:
@@ -50,6 +58,7 @@ rabbitmq:
    fullchain: ""

 syncWaves:
+  registry: "-5"
  postgres: "-3"
  statefulDeps: "-2"
  apps: "0"
@@ -59,12 +68,12 @@ onelab:
  mailer:
    noreply: "no-reply@andrewalliance.com"
  secrets:
-    authTokenKey: "replace-auth-token-key"
-    monitoringToken: "replace-monitoring-token"
-    rabbitToken: "replace-rabbit-token"
+    authTokenKey: "TokenAuthPlaceholder"
+    monitoringToken: "TokenMonitoringPlaceholder"
+    rabbitToken: "TokenRabbitPlaceholder"
  intercom:
-    appid: ""
-    secret: "replace-intercom-secret"
+    appid: "zxvgsagz"
+    secret: "QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu"

 features:
  ldapWorker: false