Customized pullPolicy for verifier, tenant, registrar and agent

Signed-off-by: Marcio Silva <[email protected]>
keylime · Feb 1, 2024 · 0c904f8 · 0c904f8
1 parent e241be3
commit 0c904f8
Show file tree

Hide file tree

Showing 7 changed files with 69 additions and 17 deletions.
diff --git a/Makefile b/Makefile
@@ -231,22 +231,22 @@ helm-keylime-clean: ## Cleans the packaged keylime helm chart
 .PHONY: helm-keylime-undeploy
 helm-keylime-undeploy: ## Undeploy the keylime helm chart
 	{ \
-	helm list --namespace $(HELM_CHART_NAMESPACE) | grep -q $(HELM_CHART_RELEASE_NAME) &&\
-	helm uninstall $(HELM_CHART_RELEASE_NAME) --namespace $(HELM_CHART_NAMESPACE);\
-	kubectl get persistentvolumeclaim/data-$(HELM_CHART_RELEASE_NAME)-mysql-0 --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
-	kubectl delete persistentvolumeclaim/data-$(HELM_CHART_RELEASE_NAME)-mysql-0 --namespace $(HELM_CHART_NAMESPACE);\
-	kubectl get secret/$(HELM_CHART_RELEASE_NAME)-keylime-ca-password --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
-	kubectl delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-ca-password --namespace $(HELM_CHART_NAMESPACE);\
-	kubectl get secret/$(HELM_CHART_RELEASE_NAME)-keylime-mysql-password --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
-	kubectl delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-mysql-password --namespace $(HELM_CHART_NAMESPACE);\
-	kubectl get secret/$(HELM_CHART_RELEASE_NAME)-keylime-certs --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
-	kubectl delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-certs --namespace $(HELM_CHART_NAMESPACE);\
-	kubectl get secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-cert-store --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
-	kubectl delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-cert-store --namespace $(HELM_CHART_NAMESPACE);\
-	kubectl get secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-extra-cert-store --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
-	kubectl delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-extra-cert-store --namespace $(HELM_CHART_NAMESPACE);\
-	kubectl get job/$(HELM_CHART_RELEASE_NAME)-keylime-init-ca --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
-	kubectl delete job/$(HELM_CHART_RELEASE_NAME)-keylime-init-ca --namespace $(HELM_CHART_NAMESPACE);\
+	helm list --namespace $(HELM_CHART_NAMESPACE) --kubeconfig $(HELM_CHART_KUBECONFIG) | grep -q $(HELM_CHART_RELEASE_NAME) &&\
+	helm uninstall $(HELM_CHART_RELEASE_NAME) --namespace $(HELM_CHART_NAMESPACE) --kubeconfig $(HELM_CHART_KUBECONFIG);\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) get persistentvolumeclaim/data-$(HELM_CHART_RELEASE_NAME)-mysql-0 --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) delete persistentvolumeclaim/data-$(HELM_CHART_RELEASE_NAME)-mysql-0 --namespace $(HELM_CHART_NAMESPACE);\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) get secret/$(HELM_CHART_RELEASE_NAME)-keylime-ca-password --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-ca-password --namespace $(HELM_CHART_NAMESPACE);\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) get secret/$(HELM_CHART_RELEASE_NAME)-keylime-mysql-password --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-mysql-password --namespace $(HELM_CHART_NAMESPACE);\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) get secret/$(HELM_CHART_RELEASE_NAME)-keylime-certs --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-certs --namespace $(HELM_CHART_NAMESPACE);\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) get secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-cert-store --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-cert-store --namespace $(HELM_CHART_NAMESPACE);\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) get secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-extra-cert-store --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) delete secret/$(HELM_CHART_RELEASE_NAME)-keylime-tpm-extra-cert-store --namespace $(HELM_CHART_NAMESPACE);\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) get job/$(HELM_CHART_RELEASE_NAME)-keylime-init-ca --namespace $(HELM_CHART_NAMESPACE) > /dev/null 2>&1 &&\
+	kubectl --kubeconfig $(HELM_CHART_KUBECONFIG) delete job/$(HELM_CHART_RELEASE_NAME)-keylime-init-ca --namespace $(HELM_CHART_NAMESPACE);\
 	rm -f $(MKFILE_DIR)/kt;\
 	}
 

diff --git a/build/helm/keylime/charts/keylime-agent/templates/_helpers.tpl b/build/helm/keylime/charts/keylime-agent/templates/_helpers.tpl
@@ -135,6 +135,17 @@ Define a custom init image tag.
 {{- end }}
 {{- end }}
 
+{{/*
+Define a custom image pullpolicy.
+*/}}
+{{- define "agent.image.pullPolicy" -}}
+{{- if .Values.global.service.agent.image.pullPolicy }}
+{{- toYaml .Values.global.service.agent.image.pullPolicy }}
+{{- else }}
+{{- toYaml .Values.image.pullPolicy }}
+{{- end }}
+{{- end }}
+
 {{/*
 Define a custom plugin image repository.
 */}}

diff --git a/build/helm/keylime/charts/keylime-registrar/templates/_helpers.tpl b/build/helm/keylime/charts/keylime-registrar/templates/_helpers.tpl
@@ -157,7 +157,6 @@ Will expand a whole 'storageClassName: <entry>' section, or nothing if the setti
 {{- end }}
 {{- end }}
 
-
 {{/*
 Define a custom image repository.
 */}}
@@ -179,3 +178,14 @@ Define a custom image tag.
 {{- toYaml .Chart.AppVersion }}
 {{- end }}
 {{- end }}
+
+{{/*
+Define a custom image pullpolicy.
+*/}}
+{{- define "registrar.image.pullPolicy" -}}
+{{- if .Values.global.service.registrar.image.pullPolicy }}
+{{- toYaml .Values.global.service.registrar.image.pullPolicy }}
+{{- else }}
+{{- toYaml .Values.image.pullPolicy }}
+{{- end }}
+{{- end }}
diff --git a/build/helm/keylime/charts/keylime-tenant/templates/_helpers.tpl b/build/helm/keylime/charts/keylime-tenant/templates/_helpers.tpl
@@ -115,3 +115,14 @@ Define a custom image tag.
 {{- toYaml .Chart.AppVersion }}
 {{- end }}
 {{- end }}
+
+{{/*
+Define a custom image pullpolicy.
+*/}}
+{{- define "tenant.image.pullPolicy" -}}
+{{- if .Values.global.service.tenant.image.pullPolicy }}
+{{- toYaml .Values.global.service.tenant.image.pullPolicy }}
+{{- else }}
+{{- toYaml .Values.image.pullPolicy }}
+{{- end }}
+{{- end }}
diff --git a/build/helm/keylime/charts/keylime-verifier/templates/_helpers.tpl b/build/helm/keylime/charts/keylime-verifier/templates/_helpers.tpl
@@ -167,3 +167,14 @@ Define a custom image tag.
 {{- toYaml .Chart.AppVersion }}
 {{- end }}
 {{- end }}
+
+{{/*
+Define a custom image pullpolicy.
+*/}}
+{{- define "verifier.image.pullPolicy" -}}
+{{- if .Values.global.service.verifier.image.pullPolicy }}
+{{- toYaml .Values.global.service.verifier.image.pullPolicy }}
+{{- else }}
+{{- toYaml .Values.image.pullPolicy }}
+{{- end }}
+{{- end }}
diff --git a/build/helm/keylime/templates/_helpers.tpl b/build/helm/keylime/templates/_helpers.tpl
@@ -144,3 +144,4 @@ Always expands to the name of the secret used for the TPM cert store when the in
 {{- define "keylime.tpmCertStore.extrasecret" -}}
 {{- printf "%s-%s" .Release.Name "keylime-tpm-extra-cert-store" | trunc 63 | trimSuffix "-" }}
 {{- end }}
+
diff --git a/build/helm/keylime/values.yaml b/build/helm/keylime/values.yaml
@@ -161,11 +161,15 @@ global:
       # Default image is the from quay, default tag is tag the chart appVersion
       image:
         repository: quay.io/keylime/keylime_tenant
+      # Default image pull policy
+        pullPolicy: IfNotPresent
     # registrar options
     registrar:
       # Default image is the from quay, default tag is tag the chart appVersion
       image:
         repository: quay.io/keylime/keylime_registrar
+      # Default image pull policy
+        pullPolicy: IfNotPresent
       # number of replicas, with default 1. IMPORTANT: if "sqlite" database backend is selected, then this value will be ignored and 1 will be used instead
       replicas: 1
       # type of service, with "ClusterIP" as default. Switch to "NodePort" or "LoadBalancer" to allow
@@ -178,6 +182,8 @@ global:
       # Default image is the from quay, default tag is tag the chart appVersion
       image:
         repository: quay.io/keylime/keylime_verifier
+      # Default image pull policy
+        pullPolicy: IfNotPresent
       #  number of replicas, with default 1. IMPORTANT: if "sqlite" database backend is selected, then this value will be ignored and 1 will be used instead
       replicas: 1
       # type of service, with "ClusterIP" as default. Switch to "NodePort" or "LoadBalancer" to allow
@@ -190,6 +196,8 @@ global:
         repository: quay.io/keylime/keylime_tenant
       image:
         repository: quay.io/keylime/keylime_agent
+      # Default image pull policy
+        pullPolicy: IfNotPresent
       # the device plugin image is used when deploying unprivileged agents
       pluginImage:
         repository: ghcr.io/keylime/k8s-tpm-device-plugin
Original file line number	Diff line number	Diff line change
Expand Up		@@ -144,3 +144,4 @@ Always expands to the name of the secret used for the TPM cert store when the in
		{{- define "keylime.tpmCertStore.extrasecret" -}}
		{{- printf "%s-%s" .Release.Name "keylime-tpm-extra-cert-store" \| trunc 63 \| trimSuffix "-" }}
		{{- end }}