diff --git a/charts/kyverno/templates/_helpers/_image.tpl b/charts/kyverno/templates/_helpers/_image.tpl index 87d6d3b608da..90f95d0c312e 100644 --- a/charts/kyverno/templates/_helpers/_image.tpl +++ b/charts/kyverno/templates/_helpers/_image.tpl @@ -5,8 +5,9 @@ {{- if not (typeIs "string" $tag) -}} {{ fail "Image tags must be strings." }} {{- end -}} -{{- if .image.registry -}} - {{- print .image.registry "/" (required "An image repository is required" .image.repository) ":" $tag -}} +{{- $imageRegistry := default .image.registry .globalRegistry -}} +{{- if $imageRegistry -}} + {{- print $imageRegistry "/" (required "An image repository is required" .image.repository) ":" $tag -}} {{- else -}} {{- print (required "An image repository is required" .image.repository) ":" $tag -}} {{- end -}} diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml index ae9c398fe427..42e3396ccfa7 100644 --- a/charts/kyverno/templates/admission-controller/deployment.yaml +++ b/charts/kyverno/templates/admission-controller/deployment.yaml @@ -78,7 +78,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} - name: kyverno-pre - image: {{ include "kyverno.image" (dict "image" .Values.admissionController.initContainer.image "defaultTag" (default .Chart.AppVersion .Values.admissionController.container.image.tag)) | quote }} + image: {{ include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.admissionController.initContainer.image "defaultTag" (default .Chart.AppVersion .Values.admissionController.container.image.tag)) | quote }} imagePullPolicy: {{ default .Values.admissionController.container.image.pullPolicy .Values.admissionController.initContainer.image.pullPolicy }} args: {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.admissionController.featuresOverride) @@ -124,7 +124,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} - name: kyverno - image: {{ include "kyverno.image" (dict "image" .Values.admissionController.container.image "defaultTag" .Chart.AppVersion) | quote }} + image: {{ include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.admissionController.container.image "defaultTag" .Chart.AppVersion) | quote }} imagePullPolicy: {{ .Values.admissionController.container.image.pullPolicy }} args: - --caSecretName={{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.kyverno-tls-ca diff --git a/charts/kyverno/templates/background-controller/_helpers.tpl b/charts/kyverno/templates/background-controller/_helpers.tpl index fe34496c6046..20d0fd788ef0 100644 --- a/charts/kyverno/templates/background-controller/_helpers.tpl +++ b/charts/kyverno/templates/background-controller/_helpers.tpl @@ -19,8 +19,9 @@ {{- end -}} {{- define "kyverno.background-controller.image" -}} -{{- if .image.registry -}} - {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} +{{- $imageRegistry := default .image.registry .globalRegistry -}} +{{- if $imageRegistry -}} + {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{- else -}} {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{- end -}} diff --git a/charts/kyverno/templates/background-controller/deployment.yaml b/charts/kyverno/templates/background-controller/deployment.yaml index fbbb38cff65b..bb80f5f42fcd 100644 --- a/charts/kyverno/templates/background-controller/deployment.yaml +++ b/charts/kyverno/templates/background-controller/deployment.yaml @@ -76,7 +76,7 @@ spec: serviceAccountName: {{ template "kyverno.background-controller.serviceAccountName" . }} containers: - name: controller - image: {{ include "kyverno.background-controller.image" (dict "image" .Values.backgroundController.image "defaultTag" .Chart.AppVersion) | quote }} + image: {{ include "kyverno.background-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.backgroundController.image "defaultTag" .Chart.AppVersion) | quote }} imagePullPolicy: {{ .Values.backgroundController.image.pullPolicy }} ports: - containerPort: 9443 diff --git a/charts/kyverno/templates/cleanup-controller/_helpers.tpl b/charts/kyverno/templates/cleanup-controller/_helpers.tpl index c97ccdd311fc..f8da54e1929a 100644 --- a/charts/kyverno/templates/cleanup-controller/_helpers.tpl +++ b/charts/kyverno/templates/cleanup-controller/_helpers.tpl @@ -19,8 +19,9 @@ {{- end -}} {{- define "kyverno.cleanup-controller.image" -}} -{{- if .image.registry -}} - {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} +{{- $imageRegistry := default .image.registry .globalRegistry -}} +{{- if $imageRegistry -}} + {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{- else -}} {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{- end -}} diff --git a/charts/kyverno/templates/cleanup-controller/deployment.yaml b/charts/kyverno/templates/cleanup-controller/deployment.yaml index ad8fb8817a2c..5f2a3d587b15 100644 --- a/charts/kyverno/templates/cleanup-controller/deployment.yaml +++ b/charts/kyverno/templates/cleanup-controller/deployment.yaml @@ -76,7 +76,7 @@ spec: serviceAccountName: {{ template "kyverno.cleanup-controller.serviceAccountName" . }} containers: - name: controller - image: {{ include "kyverno.cleanup-controller.image" (dict "image" .Values.cleanupController.image "defaultTag" .Chart.AppVersion) | quote }} + image: {{ include "kyverno.cleanup-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupController.image "defaultTag" .Chart.AppVersion) | quote }} imagePullPolicy: {{ .Values.cleanupController.image.pullPolicy }} ports: - containerPort: 9443 diff --git a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml index 1a39820b4d10..52a697f5de6c 100644 --- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml +++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml @@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: cleanup - image: {{ (include "kyverno.image" .Values.cleanupJobs.admissionReports) | quote }} + image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupJobs.admissionReports.image)) | quote }} imagePullPolicy: {{ .Values.cleanupJobs.admissionReports.image.pullPolicy }} command: - /bin/sh diff --git a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml index f67d8b0a7fbe..e5c50a5880a6 100644 --- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml +++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml @@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: cleanup - image: {{ (include "kyverno.image" .Values.cleanupJobs.clusterAdmissionReports) | quote }} + image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.cleanupJobs.clusterAdmissionReports.image)) | quote }} imagePullPolicy: {{ .Values.cleanupJobs.clusterAdmissionReports.image.pullPolicy }} command: - /bin/sh diff --git a/charts/kyverno/templates/hooks/pre-delete.yaml b/charts/kyverno/templates/hooks/pre-delete.yaml index ee2088aad385..f6bbb42cb110 100644 --- a/charts/kyverno/templates/hooks/pre-delete.yaml +++ b/charts/kyverno/templates/hooks/pre-delete.yaml @@ -26,7 +26,8 @@ spec: {{- end }} containers: - name: kubectl - image: {{ .Values.webhooksCleanup.image }} + image: {{ (include "kyverno.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.webhooksCleanup.image "defaultTag" (default .Chart.AppVersion .Values.webhooksCleanup.image.tag))) | quote }} + imagePullPolicy: {{ .Values.webhooksCleanup.image.pullPolicy }} command: - sh - '-c' diff --git a/charts/kyverno/templates/reports-controller/_helpers.tpl b/charts/kyverno/templates/reports-controller/_helpers.tpl index b09f5610e273..d5fd852be1ed 100644 --- a/charts/kyverno/templates/reports-controller/_helpers.tpl +++ b/charts/kyverno/templates/reports-controller/_helpers.tpl @@ -19,8 +19,9 @@ {{- end -}} {{- define "kyverno.reports-controller.image" -}} -{{- if .image.registry -}} - {{ .image.registry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} +{{- $imageRegistry := default .image.registry .globalRegistry -}} +{{- if $imageRegistry -}} + {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{- else -}} {{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{- end -}} diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml index b5ddd7748004..cdaa8c0dbc01 100644 --- a/charts/kyverno/templates/reports-controller/deployment.yaml +++ b/charts/kyverno/templates/reports-controller/deployment.yaml @@ -76,7 +76,7 @@ spec: serviceAccountName: {{ template "kyverno.reports-controller.serviceAccountName" . }} containers: - name: controller - image: {{ include "kyverno.reports-controller.image" (dict "image" .Values.reportsController.image "defaultTag" .Chart.AppVersion) | quote }} + image: {{ include "kyverno.reports-controller.image" (dict "globalRegistry" ((.Values.global).image).registry "image" .Values.reportsController.image "defaultTag" .Chart.AppVersion) | quote }} imagePullPolicy: {{ .Values.reportsController.image.pullPolicy }} ports: - containerPort: 9443 diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index d24130c90f0f..ff1ccb81a5b1 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -5,6 +5,11 @@ templating: debug: false version: ~ +# -- Global value that allows to set a single image registry across all deployments +global: + image: + registry: "ghcr.io" + # -- (string) Override the name of the chart nameOverride: ~ @@ -308,7 +313,17 @@ webhooksCleanup: enabled: true # -- `kubectl` image to run commands for deleting webhooks. - image: bitnami/kubectl:latest + image: + # -- (string) Image registry + registry: ~ + # -- Image repository + repository: bitnami/kubectl + # -- Image tag + # Defaults to `latest` if omitted + tag: '1.26.4' + # -- (string) Image pull policy + # Defaults to image.pullPolicy if omitted + pullPolicy: ~ # -- Image pull secrets imagePullSecrets: []