fixes the secret handling

you either have to configure a dockerjsonconfig or a global.imagepullsecrets

but when you configure both, both are added to the imagepullsecrets in the deployments and stateful-sets

.gitignore

@@ -8,4 +8,5 @@
 *.tgz
 .fleet/
 .output/
-Chart.lock
+Chart.lock
+tmp/

charts/vaas/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vaas
-version: 1.8.0
+version: 1.9.0
 description: Deployment of a Verdict-as-a-Service on-premise instance
 maintainers:
   - name: G DATA CyberDefense AG

charts/vaas/templates/gateway/_helpers.tpl

@@ -24,14 +24,17 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 
 {{- define "gateway.imagePullSecrets" -}}
+{{- if or (gt (len .Values.global.imagePullSecrets) 0) (.Values.global.secret.dockerconfigjson) -}}
 imagePullSecrets:
   {{- range .Values.global.imagePullSecrets }}
   - name: {{ . }}
-  {{- end }}
-  {{- if .Values.imagePullSecret }}
-  - name: {{ .Release.Name }}-registry-secret
-  {{- end }}
+  {{- end -}}
+  {{- if (.Values.global.secret).dockerconfigjson }}
+  - name: registry
+  {{- end -}}
 {{- end -}}
+{{ end -}}
+
 
 {{/*
 Create chart name and version as used by the chart label.

charts/vaas/templates/gateway/secret.yaml

@@ -1,10 +1,22 @@
-{{- if .Values.global.imagePullSecrets }}
+{{- if and (not .Values.global.imagePullSecrets) (not .Values.global.imagePullSecret)}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: registry
   namespace: {{ .Release.Namespace }}
 data:
-  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" .Values.global.secret.dockerconfigjson }}
+  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" (.Values.global.secret).dockerconfigjson }}
 type: kubernetes.io/dockerconfigjson
+{{- end -}}
+{{- if or (.Values.global.imagePullSecrets) (.Values.global.imagePullSecret)}}
+{{- if (.Values.global.secret).dockerconfigjson }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry
+  namespace: {{ .Release.Namespace }}
+data:
+  .dockerconfigjson: {{ .Values.global.secret.dockerconfigjson }}
+type: kubernetes.io/dockerconfigjson
+{{- end -}}
 {{- end -}}

charts/vaas/templates/gdscan/_helpers.tpl

@@ -43,15 +43,19 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
 {{- define "gdscan.imagePullSecrets" -}}
-
-{{- $imagePullSecrets := concat (((.Values.global | default dict).imagePullSecrets)| default list) (.Values.gdscan.imagePullSecrets | default list) -}}
-{{- if gt (len $imagePullSecrets) 0 -}}
+{{- if or (gt (len .Values.global.imagePullSecrets) 0) (gt (len .Values.gdscan.imagePullSecrets) 0) ((.Values.global.secret).dockerconfigjson)  -}}
 imagePullSecrets:
-  {{- range $imagePullSecrets }}
+  {{- range .Values.global.imagePullSecrets }}
   - name: {{ . }}
-  {{- end }}
-{{- end }}
-{{- end }}
+  {{- end -}}
+  {{- range .Values.gdscan.imagePullSecrets }}
+  - name: {{ . }}
+  {{- end -}}
+  {{- if (.Values.global.secret).dockerconfigjson }}
+  - name: gdscanregistry
+  {{- end -}}
+{{- end -}}
+{{ end -}}
 
 {{/*
 Selector labels

charts/vaas/templates/gdscan/secret.yaml

@@ -1,10 +1,22 @@
-{{- if .Values.global.imagePullSecrets }}
+{{- if and (not .Values.global.imagePullSecrets) (not .Values.global.imagePullSecret) (not .Values.gdscan.imagePullSecret)}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: gdscanregistry
   namespace: {{ .Release.Namespace }}
 data:
-  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" .Values.global.secret.dockerconfigjson }}
+  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" (.Values.global.secret).dockerconfigjson }}
 type: kubernetes.io/dockerconfigjson
+{{- end -}}
+{{- if or (.Values.global.imagePullSecrets) (.Values.global.imagePullSecret)}}
+{{- if (.Values.global.secret).dockerconfigjson }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gdscanregistry
+  namespace: {{ .Release.Namespace }}
+data:
+  .dockerconfigjson: {{ .Values.global.secret.dockerconfigjson }}
+type: kubernetes.io/dockerconfigjson
+{{- end -}}
 {{- end -}}

charts/vaas/values.yaml

@@ -147,6 +147,7 @@ gateway:
   gdscanUrl: "http://gdscan:8080/scan/body"
 
 gdscan:
+  imagePullSecrets: []
   replicaCount: 1
   deploymentStrategy: "RollingUpdate"
   client: