openova/openova
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
83ec889f06
openova/platform/crossplane-claims/chart/values.yaml
e3mrah 83ec889f06
feat(platform): add global.imageRegistry to remaining bp-* charts + bp-catalyst-platform (PR 3/3, #560) (#580) 
Charts bumped:
- bp-keycloak 1.2.0 -> 1.2.1 (subchart stub; per-component image.registry knobs documented)
- bp-crossplane 1.1.3 -> 1.1.4 (subchart stub)
- bp-crossplane-claims 1.1.0 -> 1.1.1 (global.kubectlImage added; kubectl Job image templated; Hetzner ubuntu-24.04 server images intentionally untouched)
- bp-velero 1.2.0 -> 1.2.1 (subchart stub)
- bp-kyverno 1.0.0 -> 1.0.1 (subchart stub; per-controller image.registry knobs documented)
- bp-trivy 1.0.0 -> 1.0.1 (subchart stub; both operator + scanner image.registry knobs documented)
- bp-grafana 1.0.0 -> 1.0.1 (subchart stub)
- bp-flux 1.1.3 -> 1.1.4 (subchart stub; per-controller image.repository knobs documented)
- bp-catalyst-platform 1.1.13 -> 1.1.14 (global.imageRegistry + images.{catalystApi,catalystUi,marketplaceApi,console,smeTag} added; all 14 Catalyst-authored image refs templated: catalyst-api, catalyst-ui, marketplace-api, console + 10 SME services)

Post-handover per-Sovereign overlays set global.imageRegistry to harbor.<sovereign-fqdn> so every container image pull routes through the Sovereign's own Harbor proxy_cache.

Closes (partial): issue #560 — all 23 bp-* charts now carry global.imageRegistry

Co-authored-by: alierenbaysal <alierenbaysal@openova.io>
2026-05-02 13:21:53 +04:00

36 lines
1.6 KiB
YAML
Raw Blame History

# bp-crossplane-claims has no operator-tunable values for the
# core compose.openova.io/v1alpha1 family — those XRDs and Compositions
# are static manifests with no Go-template substitutions. This file
# exists so `helm template` and the CI smoke render have an explicit
# defaults document; future per-Sovereign overrides (e.g.
# defaultCompositionRef swaps for a non-Hetzner cloud) would land here.
global:
# When set, ALL Docker image pulls in this chart route through this registry.
# Used post-handover when the Sovereign's own Harbor takes over the proxy_cache
# role from contabo's central Harbor. Empty = no rewrite. Tracked under #560.
#
# NOTE: Hetzner cloud server images (e.g. ubuntu-24.04 in Crossplane Server
# resources) are NOT Docker images and MUST NOT be registry-prefixed.
# Only the kubectl Job container image is affected by this knob.
imageRegistry: ""
# kubectl container image used in XNodeActionClaim Jobs.
# Repository and tag are separately configurable so post-handover per-Sovereign
# overlays can point at a Harbor-cached copy without rebuilding this Blueprint.
kubectlImage:
repository: bitnami/kubectl
tag: "1.31"
catalystBlueprint:
upstream: null
# Sovereign IAM access plane (epic #320). Renders the
# access.openova.io/v1alpha1 XUserAccess XRD, its Composition, and the
# three canonical openova:application-{admin,editor,viewer} ClusterRoles
# that the Composition's RoleBindings reference. Default-on; toggle-off
# is reserved for the rare case where a Sovereign uses an external IAM
# stack and does not consume the Catalyst access plane.
userAccess:
enabled: true
Reference in New Issue View Git Blame Copy Permalink