From 7616424161e3e46049520d27be7d13496bee7d96 Mon Sep 17 00:00:00 2001 From: Verdict-as-a-Service Team Date: Tue, 18 Jun 2024 19:17:49 +0200 Subject: [PATCH] after so much tries it finally happened --- charts/vaas/templates/gdscan/update.yaml | 30 +++++++++++------------- charts/vaas/values.yaml | 6 ++--- 2 files changed, 17 insertions(+), 19 deletions(-) diff --git a/charts/vaas/templates/gdscan/update.yaml b/charts/vaas/templates/gdscan/update.yaml index b5d13c7..a232105 100644 --- a/charts/vaas/templates/gdscan/update.yaml +++ b/charts/vaas/templates/gdscan/update.yaml @@ -60,44 +60,43 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} {{- include "gdscan.imagePullSecrets" . | nindent 10 }} - {{- if (include "gdscan.imagePullSecrets" . | fromYaml ).imagePullSecrets}} - {{- if (gt (len (include "gdscan.imagePullSecrets" . | fromYaml ).imagePullSecrets) 0) }} volumes: + - name: docker + emptyDir: {} {{- range (include "gdscan.imagePullSecrets" . | fromYaml ).imagePullSecrets }} - name: {{ .name }} secret: - secretName: {{ .name }} + secretName: {{ .name }} + items: + - key: .dockerconfigjson + path: {{ .name }}.json {{- end }} - {{- end }} - {{- end }} containers: - - name: kubectl + - name: updater image: "{{ .Values.gdscan.autoUpdate.image.registry }}/{{ .Values.gdscan.autoUpdate.image.repository }}:{{ .Values.gdscan.autoUpdate.image.tag }}" {{- if .Values.gdscan.autoUpdate.containerSecurityContext.enabled }} securityContext: {{- omit .Values.gdscan.autoUpdate.containerSecurityContext "enabled" | toYaml | nindent 16 }} {{- end }} - command: ["sh", "-c"] args: - | + set -xe {{- if and (.Values.gdscan.persistence.enabled) (eq .Values.gdscan.persistence.accessMode "ReadWriteOnce" ) }} RESOURCE="statefulset/{{ include "gdscan.fullname" . }}" {{- else }} RESOURCE="deployment/{{ include "gdscan.fullname" . }}" {{- end }} - LATEST=$(/app/get-latest-docker-tag {{ .Values.gdscan.client.image.repository }} {{ .Values.gdscan.autoUpdate.image.registry }} {{ .Values.gdscan.autoUpdate.image.tag }}) - IMAGE="{{ .Values.gdscan.autoUpdate.image.registry }}/{{ .Values.gdscan.autoUpdate.image.repository }}:$LATEST" + LATEST=$(/app/get-latest-docker-tag {{ .Values.gdscan.client.image.repository }} {{ .Values.gdscan.client.image.tag }}) + IMAGE="{{ .Values.gdscan.client.image.repository }}:$LATEST" echo "Setting image of $RESOURCE to $IMAGE" - #kubectl set-image -n {{ .Release.Namespace }} $RESOURCE $IMAGE - {{- if (include "gdscan.imagePullSecrets" . | fromYaml ).imagePullSecrets}} - {{- if (gt (len (include "gdscan.imagePullSecrets" . | fromYaml ).imagePullSecrets) 0) }} + kubectl set image -n {{ .Release.Namespace }} $RESOURCE client=$IMAGE volumeMounts: + - name: docker + mountPath: /home/appuser/.docker {{- range (include "gdscan.imagePullSecrets" . | fromYaml ).imagePullSecrets }} - name: {{ .name }} - mountPath: "/home/appuser/.image_pull_secrets/{{ .name }}" + mountPath: "/home/appuser/.image_pull_secrets/" {{- end }} - {{- end }} - {{- end }} {{- if .Values.gdscan.autoUpdate.networkPolicy.enabled }} --- apiVersion: networking.k8s.io/v1 @@ -118,4 +117,3 @@ spec: - port: 443 {{- end }} {{- end}} ---- diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml index bc7877d..64119e6 100644 --- a/charts/vaas/values.yaml +++ b/charts/vaas/values.yaml @@ -225,9 +225,9 @@ gdscan: autoUpdate: image: - registry: docker.io - repository: bitnami/kubectl - tag: "1.30" + registry: ghcr.io/gdatasoftwareag + repository: vaas/scanner-updater + tag: "0.4.1" containerSecurityContext: enabled: true readOnlyRootFilesystem: true