Allow pulling images by digest

The digest uniquely identifies a specific version of the image, so the
image that is pulled never changes unless you change the digest value.
This is desirable for security: it gives confidence that no unvetted
changes are pulled into a deployment.
Graham McGregor 2020-05-20 11:34:18 -04:00
parent 0cbe783f43
commit 2205edb16b
7 changed files with 19 additions and 6 deletions


@ -32,7 +32,9 @@ spec:
{{- end }}
containers:
- name: create
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
{{- with .Values.controller.admissionWebhooks.patch.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args:
- create
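Review bot: In the new `image:` line an empty or misspelled `digest` value falls through the `else` branch to the mutable `:tag` with no signal at render time, so a values override can silently drop the pin this commit is meant to provide. I would document the precedence next to the expression, e.g. `{{- /* digest, when set, replaces the tag; when empty the image is pulled by mutable tag */ -}}`. I would also reject an obviously malformed value early inside the `with` block: `{{- if and .digest (not (contains ":" .digest)) }}{{ fail "image.digest must be of the form algorithm:hex" }}{{- end }}`. The same expression is repeated in the patch job hunk, the two controller hunks and the default-backend hunk further down, so a single named template next to `ingress-nginx.name` would keep the five copies from drifting apart. The container spec continues outside this hunk.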


@ -32,7 +32,9 @@ spec:
{{- end }}
containers:
- name: patch
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
{{- with .Values.controller.admissionWebhooks.patch.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args:
- patch


@ -47,7 +47,9 @@ spec:
{{- end }}
containers:
- name: controller
image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
{{- with .Values.controller.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
{{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}


@ -51,7 +51,9 @@ spec:
{{- end }}
containers:
- name: controller
image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
{{- with .Values.controller.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
{{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}


@ -36,7 +36,9 @@ spec:
{{- end }}
containers:
- name: {{ template "ingress-nginx.name" . }}-default-backend
image: {{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}
{{- with .Values.defaultBackend.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
{{- if .Values.defaultBackend.extraArgs }}
args: