From 25ad374bfd618a47f543256cf41116ad52c8e99c Mon Sep 17 00:00:00 2001
From: friedrich goerz <friedrich.goerz@netgo.de>
Date: Mon, 19 Dec 2022 17:02:05 +0100
Subject: [PATCH] DEV-681: added imagepullsecrets via fancy helm templating foo

---
 secrets.yaml                    | 33 +++++++++++++++++++++++++++++++--
 templates/_helpers.tpl          |  4 ++++
 templates/harbor_imagepull.yaml | 13 +++++++++++++
 3 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 templates/_helpers.tpl
 create mode 100644 templates/harbor_imagepull.yaml

diff --git a/secrets.yaml b/secrets.yaml
index c354dd0..cc5e592 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -14,14 +14,43 @@ postgres_keycloak_password: ENC[AES256_GCM,data:uI7cZl/+qgZ0/mySWQaK1gvIDfU=,iv:
 oidc:
     iam_keycloak_username: ENC[AES256_GCM,data:k/h49FI3YnEUQQUnvi0=,iv:e9O0Y6WnS3FrbL8vDAmISmftztEKSoqwu0GeezdeqSE=,tag:gLOXAkiN60EeRsViRm6mCQ==,type:str]
     iam_keycloak_password: ENC[AES256_GCM,data:l8lrEjYebIRvQlErrJQI5ERIyligGE/cXmYxSdlKHiY=,iv:ljIATH1cdQWgFpz7438pOZmmJ9NEigCuOuBXJ0c8fNA=,tag:57JjGLDXGDPPNn6lgFYtqg==,type:str]
+imagePullCreds:
+    - namespace: ENC[AES256_GCM,data:uul5mtZkkAXABrhZLQ==,iv:VAHA5d9Y8DkQG3JkmoO/J7FIlW/qn9D4k2EIdChEFsc=,tag:JWmfJGK5X3fGG6fjfO7HfQ==,type:str]
+      secretname: ENC[AES256_GCM,data:90VB5ctxkEcJBKqhn9L2vHUM,iv:vUGM3NIyAVc5Bm1nadBE2Rwekyis+26r9f0vU4L9uUY=,tag:7CpPXOe35rIBZiYCY69FxA==,type:str]
+      dockerconfigjson:
+        registry: ENC[AES256_GCM,data:nAVl9uQ61OqlhQS1JpoNnPX+UGiFRnh06hDt7eOqQqfNWw==,iv:la+Q8H3ZETovGeGc0mbX4U8R+b5VGp8RyCm5nPCqE+E=,tag:6/BBPi2oeoHlLa2B0buVyQ==,type:str]
+        username: ENC[AES256_GCM,data:OfcRWXkFzIhA+1Nb9w==,iv:HqowSL9HGptkvlmLX0vzhZPwrnecTrCX8Q9nPtXPisc=,tag:RDyd7YAWH1++I5OgIC81qA==,type:str]
+        password: ENC[AES256_GCM,data:6f+36SV+YnBb4AXU8lgu92x2UraJSilg9Zf1zbNKXUKZZZLQGXr+ew==,iv:1UTEwwnG53VYrhNuWDZV2amCE6fGKa0XsMWYyvTSBtY=,tag:eJugFTJessDsh2O+ABqudg==,type:str]
+        email: ENC[AES256_GCM,data:jNOSn0u+dNFFwHE7mvWHCCrgzejk50/fWvU=,iv:ybcGyfQRz2PyBkG97RSsMnxjAoI4sNSoorfaIi7bbPs=,tag:Tu1W9qvcK28SIKJQx61A+Q==,type:str]
+    - namespace: ENC[AES256_GCM,data:uwmsjBI1goXhJrCd,iv:pTNiPG5hGIKLYMxyrLO5uzD++coPm6nmYamnzmfsOMM=,tag:57IwKK6sylbPEjf9GYV0ZQ==,type:str]
+      secretname: ENC[AES256_GCM,data:90VB5ctxkEcJBKqhn9L2vHUM,iv:vUGM3NIyAVc5Bm1nadBE2Rwekyis+26r9f0vU4L9uUY=,tag:7CpPXOe35rIBZiYCY69FxA==,type:str]
+      dockerconfigjson:
+        registry: ENC[AES256_GCM,data:nAVl9uQ61OqlhQS1JpoNnPX+UGiFRnh06hDt7eOqQqfNWw==,iv:la+Q8H3ZETovGeGc0mbX4U8R+b5VGp8RyCm5nPCqE+E=,tag:6/BBPi2oeoHlLa2B0buVyQ==,type:str]
+        username: ENC[AES256_GCM,data:OfcRWXkFzIhA+1Nb9w==,iv:HqowSL9HGptkvlmLX0vzhZPwrnecTrCX8Q9nPtXPisc=,tag:RDyd7YAWH1++I5OgIC81qA==,type:str]
+        password: ENC[AES256_GCM,data:6f+36SV+YnBb4AXU8lgu92x2UraJSilg9Zf1zbNKXUKZZZLQGXr+ew==,iv:1UTEwwnG53VYrhNuWDZV2amCE6fGKa0XsMWYyvTSBtY=,tag:eJugFTJessDsh2O+ABqudg==,type:str]
+        email: ENC[AES256_GCM,data:jNOSn0u+dNFFwHE7mvWHCCrgzejk50/fWvU=,iv:ybcGyfQRz2PyBkG97RSsMnxjAoI4sNSoorfaIi7bbPs=,tag:Tu1W9qvcK28SIKJQx61A+Q==,type:str]
+    - namespace: ENC[AES256_GCM,data:uI+BTxQUAaVH0o94elo=,iv:GeCSfLU4PyQiZGFK7WVsWkG1Q+2yBB7PPYHGR+z676g=,tag:JYlitjFUkvVyoFMBKOZiIQ==,type:str]
+      secretname: ENC[AES256_GCM,data:90VB5ctxkEcJBKqhn9L2vHUM,iv:vUGM3NIyAVc5Bm1nadBE2Rwekyis+26r9f0vU4L9uUY=,tag:7CpPXOe35rIBZiYCY69FxA==,type:str]
+      dockerconfigjson:
+        registry: ENC[AES256_GCM,data:nAVl9uQ61OqlhQS1JpoNnPX+UGiFRnh06hDt7eOqQqfNWw==,iv:la+Q8H3ZETovGeGc0mbX4U8R+b5VGp8RyCm5nPCqE+E=,tag:6/BBPi2oeoHlLa2B0buVyQ==,type:str]
+        username: ENC[AES256_GCM,data:OfcRWXkFzIhA+1Nb9w==,iv:HqowSL9HGptkvlmLX0vzhZPwrnecTrCX8Q9nPtXPisc=,tag:RDyd7YAWH1++I5OgIC81qA==,type:str]
+        password: ENC[AES256_GCM,data:6f+36SV+YnBb4AXU8lgu92x2UraJSilg9Zf1zbNKXUKZZZLQGXr+ew==,iv:1UTEwwnG53VYrhNuWDZV2amCE6fGKa0XsMWYyvTSBtY=,tag:eJugFTJessDsh2O+ABqudg==,type:str]
+        email: ENC[AES256_GCM,data:jNOSn0u+dNFFwHE7mvWHCCrgzejk50/fWvU=,iv:ybcGyfQRz2PyBkG97RSsMnxjAoI4sNSoorfaIi7bbPs=,tag:Tu1W9qvcK28SIKJQx61A+Q==,type:str]
+    - namespace: ENC[AES256_GCM,data:WauSs8ZhtyePYX9xp0M+,iv:/95ErLaFoeW+O4PnXIlw3wpUH4ej6VUkbshgzlKpyZU=,tag:Q/Um3mUhrYARWvtTZd/V9A==,type:str]
+      secretname: ENC[AES256_GCM,data:90VB5ctxkEcJBKqhn9L2vHUM,iv:vUGM3NIyAVc5Bm1nadBE2Rwekyis+26r9f0vU4L9uUY=,tag:7CpPXOe35rIBZiYCY69FxA==,type:str]
+      dockerconfigjson:
+        registry: ENC[AES256_GCM,data:nAVl9uQ61OqlhQS1JpoNnPX+UGiFRnh06hDt7eOqQqfNWw==,iv:la+Q8H3ZETovGeGc0mbX4U8R+b5VGp8RyCm5nPCqE+E=,tag:6/BBPi2oeoHlLa2B0buVyQ==,type:str]
+        username: ENC[AES256_GCM,data:OfcRWXkFzIhA+1Nb9w==,iv:HqowSL9HGptkvlmLX0vzhZPwrnecTrCX8Q9nPtXPisc=,tag:RDyd7YAWH1++I5OgIC81qA==,type:str]
+        password: ENC[AES256_GCM,data:6f+36SV+YnBb4AXU8lgu92x2UraJSilg9Zf1zbNKXUKZZZLQGXr+ew==,iv:1UTEwwnG53VYrhNuWDZV2amCE6fGKa0XsMWYyvTSBtY=,tag:eJugFTJessDsh2O+ABqudg==,type:str]
+        email: ENC[AES256_GCM,data:jNOSn0u+dNFFwHE7mvWHCCrgzejk50/fWvU=,iv:ybcGyfQRz2PyBkG97RSsMnxjAoI4sNSoorfaIi7bbPs=,tag:Tu1W9qvcK28SIKJQx61A+Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-12-16T13:58:01Z"
-    mac: ENC[AES256_GCM,data:kmqpAUM330/UI33v5BwPa8VVIq9QS4qgMD+ki3swzO9DQMTdqo9gJCtPwomWW/1giT/nPoHaacM0WK2wwrKZi/cHkunlsC1tgeMknc9+1wnqOj4f13qY4FSRAhanDzadeTZa+LZsICS/yRaNqTg6QnABjMUIvdOhMUEcszRttuk=,iv:TQY5gkk35183ZXwx2vVmez/1lCAArOZ71FazVgTxt00=,tag:ylfg8CswaHbARxaeBE42rA==,type:str]
+    lastmodified: "2022-12-19T15:59:36Z"
+    mac: ENC[AES256_GCM,data:f24LyXfyQu91+no5yNNrXoud560A9QCzrkTiIClt6EzmbQYr3TK7VtnuSgrRKby58KPdXBq899k+mE3r7eYeFtxVlU+x4U5hDCnnJHfTBoxiUB7UtSYH1b4bGW+WTKsPI55ilYB1CFqIHt04pojn0d/aTTRgAyAcn1N9oYQI28g=,iv:1ki2V1DmaLDj+jcC9w1Tl8HpRcLIyp1NlsI6mXBSuPg=,tag:LU59ly65xBtuZMm792pj1g==,type:str]
     pgp:
         - created_at: "2022-12-16T13:57:31Z"
           enc: |
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..d3d0619
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,4 @@
+# https://helm.sh/docs/howto/charts_tips_and_tricks/#creating-image-pull-secrets
+{{- define "imagePullSecret" }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .component.registry .component.username .component.password .component.email (printf "%s:%s" .component.username .component.password | b64enc) | b64enc }}
+{{- end }}
diff --git a/templates/harbor_imagepull.yaml b/templates/harbor_imagepull.yaml
new file mode 100644
index 0000000..61a1a72
--- /dev/null
+++ b/templates/harbor_imagepull.yaml
@@ -0,0 +1,13 @@
+{{ with .Values.imagePullCreds }}
+{{- range .Values.imagePullCreds }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .secretname }}
+  namespace: {{ .namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" (dict "component" .dockerconfigjson ) }} 
+{{- end }}
+{{- end }}