Helm chart Add support for image pull secrets

[villanisaac-kr]

Describe the current behavior
A description of how things are today.
Today we can't use images that are stored in a virtual repository due to the lack of a input values for imagePullSecrets

Describe the improvement
How should things be changed or improved?
Need to add pull secrets input value on values.yaml file

Like this

image:
  repository: mcr.microsoft.com/k8s/azureserviceoperator:v2.6.0
  kubeRBACProxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
  pullSecrets: [] 

Need to add the pull secrets to Deployment and Job templates under /spec/template/spec like below example:

      {{- with .Values.image.pullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}

Additional context
Add any other context about the suggested improvement.

Tasks

Beta Give feedback

No tasks being tracked yet.

[villanisaac-kr]

Here is quick example:

https://helm-playground.com/#t=LQhQEMAcEsDUFMBOBnaB7AdgLgAQCNwAXAYwAsB6ANwEZQBraDAE1wCk09QBbeQ8JouCygcODOB65wALwCuieMiSVoxeGkhIiaRMEgLgsyAHNE-eMDLxidJCJzgMGNH0LoMyYaNEAiUvAAbLgA6ZApSNDQ6H1x9CyNTc3tffyDQ8Mi6YAB3eGhjUkIYnB8ABh9kktSQsPIIqOAmQN4LSDQA1QBPYrx4ADMdC3qs4gUidwAaYeBkWWI1eCamUGRNYi98cBs0Pr6AGWguaEJcACZ7QnguSACieA3RVesH7wVkPkRCAAV2rtwAOXglDs3m8SkQKjUAEF5mhZBhCP8JPcHHI3spVOpNGZCDo9AYEmYmpZ-DYQaCcMRMHxGEhPJVRMAHIhjPSKRSmSA4oYTESLFYbABeQiIWTwBneQ7gYwogDesuCsHAATFyGCUplwQUbVQuMQnQAvgaJaINfAvrIAgEfh1iJ1cFCAtlwJ1kCaxMjYgTeeYSdZbIh3W84Yg1Gz2d4OkdCOGI95iJBZLgAKylUpcd2gnhcHT2nDJ6inACy0EzOAUAEdVTGXnGE0mcKc0xm41mrrmzsmAGwliXypnZY6kHCK5Wq9VcaXwYKJq0AZWsChjOCNErNFvni94sYp-ZwuIAmhIAiOAD5iRhNBE4AAcK%2BN7L38GY99AoCAA&v=LQhQEsFsEMHMFMBcoAEKBO8AOB7AzuAC47oCeiKkpwW64AbtIfMJnrOHoWQHQDGOSAHoA1gA48Q6AC8Arm3jp64PvBxZFTEonoAmHgDYeABlQoRsgEbwASgCEAggGEACuhwAPcpWq0GTFjYOLl4BYQtrS1lwABsAE0VRK0DLaD4ady8dYx4ARgBmPLMsWRiYgGV4PkxCPGQ0NGAUADtoSCQUSur4QlyzRpa2jq6a3X6UJtb2ihGe-P7QIA

[matthchr]

Can you expand on why you want this?

Is it related to supply-chain security? Worried about the mcr image tag being maliciously updated? Or something else?

Note: Might be worth seeing if other projects like CAPI support this.

[villanisaac-kr]

Hi Yes I would say supply chain security is correct. At the org I work for all AKS clusters are deployed to private VNets and the firewall restricts access to third party artifacts to use private registry only. So my cluster is not allowed to connect directly to mcr. Also many open source projects support imagePullSecrets.
@matthchr