Issues while attempting to use private registry for my images

SmartGuyy commented 1 year ago

Hello,

I recently tried to install this helm chart in my cluster. This cluster cannot contact internet and so we have to use a private registry where we have all the images.

I noticed few abnomalies :

imagePullSecret for the "job-create-gpg" isn't present in the template, so it cannot retrieve the image.
there isn't a "imageRegistry" global setting for the images
some deployments/sts (mariadb and redis-sentinel) doesn't take the name/tag of the image from the values, they are trying to get it from a public registry.

Here is my config (all variables are correctly substitued in my pipeline) :

## Passbolt configuration
## Ref: https://github.com/passbolt/charts-passbolt/blob/main/values.yaml
##

imagePullSecrets:
  - name: xxx-registry
imageRegistry: ${CI_REGISTRY}
app:
  initImage:
    imagePullSecrets:
      - name: xxx-registry
    # -- Configure pasbolt deployment init container image client for database
    client: mariadb
    # -- Configure pasbolt deployment image pullPolicy
    pullPolicy: IfNotPresent
    # -- Configure pasbolt deployment image repsitory
    repository: ${MARIADB_IMAGE_REPO}
    # -- Overrides the image tag whose default is the chart appVersion.
    tag: ${MARIADB_IMAGE_TAG}
  image:
    imagePullSecrets:
      - name: xxx-registry
    # -- Configure pasbolt deployment image repsitory
    repository: ${PASSBOLT_IMAGE_REPO}
    # -- Overrides the image tag whose default is the chart appVersion.
    tag: ${PASSBOLT_IMAGE_TAG}
  cache:
    # Use CACHE_CAKE_DEFAULT_* variables to configure the connection to redis instance
    # on the passboltEnv configuration section
    redis:
      # -- By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php
      # That instructs passbolt to store sessions on redis and to use it as a general cache.
      enabled: true
      sentinelProxy:
        # -- Inject a haproxy sidecar container configured as a proxy to redis sentinel
        # Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy
        enabled: true
        # -- Configure redis sentinel proxy image
        image:
          imagePullSecrets:
            - name: xxx-registry
          # -- Configure redis sentinel image repository
          repository: ${REDIS_IMAGE_REPO}
          # -- Configure redis sentinel image tag
          tag: ${REDIS_IMAGE_TAG}
mariadb:
  # -- Configure mariadb architecture
  architecture: replication
  auth:
    # -- Configure mariadb auth root password
    rootPassword: ${MARIADB_ROOT_PASSWORD}
    # -- Configure mariadb auth username
    username: ${MARIADB_AUTH_USERNAME}
    # -- Configure mariadb auth password
    password: ${MARIADB_AUTH_PASSWORD}
    # -- Configure mariadb auth replicationPassword
    replicationPassword: ${MARIADB_AUTH_REPLICATION_PASSWORD}
  # -- Configure parameters for the primary instance.
  primary:
    # -- Configure persistence options.
    persistence:
      # -- Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
      enabled: true
      # -- Primary persistent volume storage Class
      storageClass: "longhorn"
      # -- Primary persistent volume size
      size: ${PASSBOLT_PVC_SIZE}
  # -- Configure parameters for the secondary instance.
  secondary:
    # -- Configure persistence options.
    persistence:
      # -- Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
      enabled: true
      # -- Secondary persistent volume storage Class
      storageClass: "longhorn"
      # -- Secondary persistent volume size
      size: ${PASSBOLT_PVC_SIZE}
passboltEnv:
  plain:
    # -- Kubectl download command
    KUBECTL_DOWNLOAD_CMD: ${KUBECTL_DOWNLOAD_CMD}
    # -- Configure passbolt default email from
    EMAIL_DEFAULT_FROM: ${EMAIL_DEFAULT_FROM}
    # -- Configure passbolt default email host
    EMAIL_TRANSPORT_DEFAULT_HOST: ${EMAIL_TRANSPORT_DEFAULT_HOST}
    # -- Toggle passbolt tls
    EMAIL_TRANSPORT_DEFAULT_TLS: true
  secret:
    # -- Configure passbolt cake cache password
    CACHE_CAKE_DEFAULT_PASSWORD: ${CACHE_CAKE_DEFAULT_PASSWORD}
    # -- Configure passbolt default database password
    DATASOURCES_DEFAULT_PASSWORD: ${DATASOURCES_DEFAULT_PASSWORD}
    # -- Configure passbolt default database username
    DATASOURCES_DEFAULT_USERNAME: ${DATASOURCES_DEFAULT_USERNAME}
    # -- Configure passbolt default email service username
    EMAIL_TRANSPORT_DEFAULT_USERNAME: ${EMAIL_TRANSPORT_DEFAULT_USERNAME}
    # -- Configure passbolt default email service password
    EMAIL_TRANSPORT_DEFAULT_PASSWORD: ${EMAIL_TRANSPORT_DEFAULT_PASSWORD}
redis:
  auth:
    # -- Enable redis authentication
    enabled: true
    # -- Configure redis password
    password: ${REDIS_PASSWORD}
  sentinel:
    # -- Enable redis sentinel
    enabled: true

dlen commented 1 year ago

Hello!

Thanks for the heads up we will include support for private registries in the next release.

SmartGuyy commented 1 year ago

Thanks for your reply @dlen , do you know approximately when it will be released ? Just to know if we wait a bit before migrating or if we install/customize manually

dlen commented 1 year ago

I will have bandwidth next week to make a new release

passbolt / charts-passbolt

Issues while attempting to use private registry for my images #49