fix(helm)!: docker image values adopted to skaffold

Signed-off-by: Ievgenii Shepeliuk <[email protected]>

.github/workflows/build.yaml

@@ -30,4 +30,4 @@ jobs:
           skipClusterCreation: true
       - run: |
           just k3d
-          just build
+          just up

.gitignore

@@ -3,5 +3,3 @@ bin
 *.tgz
 skaffold.json
 
-
-

charts/opa/README.md

@@ -76,8 +76,8 @@ Reference](https://www.openpolicyagent.org/docs/configuration.html).
 | `podDisruptionBudget.minAvailable` | Sets the minimum number of pods to be available. Cannot be set at the same time as maxUnavailable. | `1` |
 | `podDisruptionBudget.maxUnavailable` | Sets the maximum number of pods to be unavailable. Cannot be set at the same time as minAvailable. | Unset |
 | `hostNetwork.enabled` | Use hostNetwork setting on OPA pod | `false` |
-| `image` | OPA image to deploy. | `openpolicyagent/opa` |
-| `imageTag` | OPA image tag to deploy. | See [values.yaml](values.yaml) |
+| `image.repository` | OPA image to deploy. | `openpolicyagent/opa` |
+| `image.tag` | OPA image tag to deploy. | See [values.yaml](values.yaml) |
 | `port` | Port in the pod to which OPA will bind itself. | `443` |
 | `logLevel` | Log level that OPA outputs at, (`debug`, `info` or `error`) | `info` |
 | `logFormat` | Log format that OPA produces (`text` or `json`) | `text` |

charts/opa/templates/_helpers.tpl

@@ -102,3 +102,8 @@ admissionregistration.k8s.io/v1
 admissionregistration.k8s.io/v1beta1
 {{- end -}}
 {{- end -}}
+
+{{- define "opa.mgmt.image" -}}
+{{- $tag := .Values.mgmt.image.tag | default .Chart.AppVersion -}}
+{{ printf "%s:%s" .Values.mgmt.image.repository $tag }}
+{{- end -}}

charts/opa/templates/deployment.yaml

@@ -43,8 +43,8 @@ spec:
 {{- if or .Values.authz.enabled .Values.bootstrapPolicies}}
       initContainers:
         - name: initpolicy
-          image: {{ .Values.mgmt.image }}:{{ coalesce .Values.mgmt.imageTag .Chart.AppVersion }}
-          imagePullPolicy: {{ .Values.mgmt.imagePullPolicy }}
+          image: {{ include "opa.mgmt.image" . }}
+          imagePullPolicy: {{ .Values.mgmt.image.pullPolicy }}
           resources:
 {{ toYaml .Values.mgmt.resources | indent 12 }}
           command:
@@ -90,8 +90,8 @@ spec:
           - name: http
             containerPort: {{ .Values.mgmt.port }}
 {{- end }}
-          image: {{ .Values.image }}:{{ .Values.imageTag }}
-          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
 {{- if .Values.extraEnv }}        
 {{ toYaml .Values.extraEnv | indent 12 }}
@@ -155,8 +155,8 @@ spec:
             periodSeconds: 15
 {{- if .Values.mgmt.enabled }}
         - name: mgmt
-          image: {{ .Values.mgmt.image }}:{{ coalesce .Values.mgmt.imageTag .Chart.AppVersion }}
-          imagePullPolicy: {{ .Values.mgmt.imagePullPolicy }}
+          image: {{ include "opa.mgmt.image" . }}
+          imagePullPolicy: {{ .Values.mgmt.image.pullPolicy }}
           env:
 {{- if .Values.mgmt.extraEnv }}        
 {{ toYaml .Values.mgmt.extraEnv | indent 12 }}
@@ -193,8 +193,8 @@ spec:
 {{- end }}
 {{- if .Values.sar.enabled }}
         - name: sarproxy
-          image: {{ .Values.sar.image }}:{{ .Values.sar.imageTag }}
-          imagePullPolicy: {{ .Values.sar.imagePullPolicy }}
+          image: {{ .Values.sar.image.repository }}:{{ .Values.sar.image.tag }}
+          imagePullPolicy: {{ .Values.sar.image.pullPolicy }}
           resources:
 {{ toYaml .Values.sar.resources | indent 12 }}
           command:

charts/opa/values.yaml

@@ -116,9 +116,10 @@ hostNetwork:
   enabled: false
 
 # Docker image and tag to deploy.
-image: openpolicyagent/opa
-imageTag: 0.37.0
-imagePullPolicy: IfNotPresent
+image: 
+  repository: openpolicyagent/opa
+  tag: 0.37.0
+  pullPolicy: IfNotPresent
 
 # One or more secrets to be used when pulling images
 imagePullSecrets: []
@@ -136,9 +137,10 @@ extraEnv: []
 
 mgmt:
   enabled: false
-  image: openpolicyagent/kube-mgmt
-  imageTag: null # appVersion is used by default, set to desired value to override
-  imagePullPolicy: IfNotPresent
+  image: 
+    repository: openpolicyagent/kube-mgmt
+    tag: null # appVersion is used by default, set to desired value to override
+    pullPolicy: IfNotPresent      
 # NOTE insecure http port conjointly used for mgmt access and prometheus metrics export
   port: 8181
   extraArgs: []
@@ -215,9 +217,10 @@ serviceAccount:
 # Kubernetes API. You can get a rego function at github.com/open-policy-agent/library
 sar:
   enabled: false
-  image: lachlanevenson/k8s-kubectl
-  imageTag: latest
-  imagePullPolicy: IfNotPresent
+  image: 
+    repository: lachlanevenson/k8s-kubectl
+    tag: latest
+    pullPolicy: IfNotPresent
   resources: {}
 
 # Set a priorityClass using priorityClassName

justfile

@@ -34,8 +34,13 @@ test: test-helm test-e2e
     k3d cluster delete kube-mgmt || true
     k3d cluster create --config ./test/e2e/k3d.yaml
 
-# @up: skaffold-ctx build
-#     skaffold run
-# 
-# @down:
-#     skaffold delete || true
+# render k8s manifests
+@template:
+    skaffold render -a skaffold.json
+
+@up: skaffold-ctx
+    skaffold run
+
+@down:
+    skaffold delete || true
+

skaffold.yaml

@@ -1,7 +1,7 @@
 apiVersion: skaffold/v2beta19
 kind: Config
 metadata:
-  name: kube-mgmt
+  name: opa
 build:
   artifacts:
     - image: openpolicyagent/kube-mgmt
@@ -20,12 +20,12 @@ profiles:
     deploy:
       helm:
         releases:
-          - name: kube-mgmt
+          - name: opa
             chartPath: charts/opa
             wait: true
             upgradeOnChange: false
             skipBuildDependencies: true
             artifactOverrides:
-              image: openpolicyagent/kube-mgmt
+              mgmt.image: openpolicyagent/kube-mgmt
             imageStrategy:
               helm: {}