From 13e0bb8d68df12b8451b7318059d35f7eaa018b8 Mon Sep 17 00:00:00 2001
From: Dominik Kaminski <dominik.kaminski.extern@zendis.de>
Date: Mon, 30 Sep 2024 11:28:35 +0200
Subject: [PATCH] fix(helmfile): Check imagePullSecrets templates for all
 resources

---
 helmfile/apps/intercom-service/values.yaml.gotmpl | 15 +++++++++++++++
 helmfile/apps/jitsi/values-jitsi.yaml.gotmpl      |  5 +++++
 .../values-opendesk-customization.yaml.gotmpl     |  4 +++-
 .../apps/open-xchange/values-dovecot.yaml.gotmpl  |  6 ++----
 .../values-openxchange-bootstrap.yaml.gotmpl      | 10 +++++++---
 5 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/helmfile/apps/intercom-service/values.yaml.gotmpl b/helmfile/apps/intercom-service/values.yaml.gotmpl
index 694fb58d..01f8b651 100644
--- a/helmfile/apps/intercom-service/values.yaml.gotmpl
+++ b/helmfile/apps/intercom-service/values.yaml.gotmpl
@@ -97,6 +97,21 @@ provisioning:
       clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
       credentialSecret:
         key: "ics_secret"
+  image:
+    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
+    repository: {{ .Values.images.nubusWaitForDependency.repository | quote }}
+    tag: {{ .Values.images.nubusWaitForDependency.tag | quote }}
+  provisioningImage:
+    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
+    repository: {{ .Values.images.nubusKeycloakBootstrap.repository | quote }}
+    tag: {{ .Values.images.nubusKeycloakBootstrap.tag | quote }}
+  securityContext:
+    seccompProfile:
+      type: "RuntimeDefault"
+    seLinuxOptions:
+      {{ .Values.seLinuxOptions.intercom | toYaml | nindent 6 }}
 
 replicaCount: {{ .Values.replicas.intercomService }}
 
diff --git a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
index 85a6a042..5e2155a4 100644
--- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
@@ -52,6 +52,7 @@ jitsi:
     image:
       repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.jitsi.registry }}/{{ .Values.images.jitsi.repository }}"
       tag: {{ .Values.images.jitsi.tag | quote }}
+      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     ingress:
       enabled: {{ .Values.ingress.enabled }}
       ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
@@ -85,6 +86,7 @@ jitsi:
     image:
       repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.prosody.registry }}/{{ .Values.images.prosody.repository }}"
       tag: {{ .Values.images.prosody.tag | quote }}
+      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     imagePullSecrets:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . | quote }}
@@ -134,6 +136,7 @@ jitsi:
     image:
       repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.jicofo.registry }}/{{ .Values.images.jicofo.repository }}"
       tag: {{ .Values.images.jicofo.tag | quote }}
+      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     xmpp:
       password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }}
       componentSecret: {{ .Values.secrets.jitsi.jicofoComponentPassword | quote }}
@@ -156,6 +159,7 @@ jitsi:
     image:
       repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.jvb.registry }}/{{ .Values.images.jvb.repository }}"
       tag: {{ .Values.images.jvb.tag | quote }}
+      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     xmpp:
       password: {{ .Values.secrets.jitsi.jvbAuthPassword | quote }}
     resources:
@@ -179,6 +183,7 @@ jitsi:
     image:
       repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.jibri.registry }}/{{ .Values.images.jibri.repository }}"
       tag: {{ .Values.images.jibri.tag | quote }}
+      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     recorder:
       password: {{ .Values.secrets.jitsi.jibriRecorderPassword | quote }}
     xmpp:
diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
index e1c3ed93..162c50a9 100644
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -242,7 +242,9 @@ nubusPortalConsumer:
   portalConsumer:
     image:
       pullSecrets:
-        {{ .Values.global.imagePullSecrets | toYaml | nindent 8 }}
+        {{- range .Values.global.imagePullSecrets }}
+        - name: {{ . | quote }}
+        {{- end }}
   podAnnotations:
     intents.otterize.com/service-name: "ums-portal-consumer"
   replicaCount: {{ .Values.replicas.umsPortalConsumer }}
diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
index fc84e439..5f03f28f 100644
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -8,12 +8,10 @@ image:
   registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.dovecot.registry | quote }}
   repository: {{ .Values.images.dovecot.repository | quote }}
   tag: {{ .Values.images.dovecot.tag | quote }}
-  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 
 imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
-  - name: {{ . | quote }}
-{{- end }}
+  {{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
 
 dovecot:
   mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
diff --git a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
index 3ffc56fa..5c7c45d7 100644
--- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
@@ -8,6 +8,12 @@ cleanup:
   deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
   deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
 
+containerSecurityContext:
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.openxchangeBootstrap | toYaml | nindent 4 }}
+
 image:
   registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.openxchangeBootstrap.registry | quote }}
   url: {{ .Values.images.openxchangeBootstrap.repository | quote }}
@@ -15,9 +21,7 @@ image:
   imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 
 imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
-  - name: {{ . | quote }}
-{{- end }}
+  {{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
 
 podAnnotations:
   argocd.argoproj.io/hook: "Sync"