Add imagePullSecrets option to Helm Chart (#28783)

- Resolves #28776
- Includes example in values.yaml
- Added to deployment, migration, and cronjob for vulnprocessing

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>

charts/fleet/Chart.yaml

@@ -4,7 +4,7 @@ name: fleet
 keywords:
   - fleet
   - osquery
-version: v6.5.4
+version: v6.6.0
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git

charts/fleet/templates/cron-vulnprocessing.yaml

@@ -203,6 +203,10 @@ spec:
               runAsUser: {{ int64 .Values.fleet.securityContext.runAsUser }}
               runAsNonRoot: true
           {{- end }}
+          {{- with .Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12}}
+          {{- end }}
           serviceAccountName: fleet
           volumes:
             - name: tmp

charts/fleet/templates/deployment.yaml

@@ -370,6 +370,10 @@ spec:
       hostPID: false
       hostNetwork: false
       hostIPC: false
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8}}
+      {{- end }}
       serviceAccountName: fleet
       {{- if or (.Values.fleet.tls.enabled) (.Values.database.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
       volumes:

charts/fleet/templates/job-migration.yaml

@@ -164,6 +164,10 @@ spec:
           runAsUser: {{ int64 .Values.fleet.securityContext.runAsUser }}
           runAsNonRoot: true
       {{- end }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8}}
+      {{- end }}
       serviceAccountName: fleet
       volumes:
         {{- if .Values.database.tls.enabled }}

charts/fleet/templates/rbac.yaml

@@ -22,6 +22,9 @@ rules:
   - {{ .Values.cache.secretName }}
   - {{ .Values.fleet.secretName }}
   - {{ .Values.osquery.secretName }}
+  {{- range .Values.imagePullSecrets }}
+  - {{ .name }}
+  {{- end }}
   verbs:
   - get
 ---

charts/fleet/values.yaml

@@ -4,6 +4,10 @@ hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
 imageTag: v4.67.2 # Version of Fleet to deploy
+# imagePullSecrets is optional.
+# imagePullSecrets:
+#   - name: docker
+#   - name: internal
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAnnotations: {} # Additional annotations to add to the Fleet service
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account