[chart] use the ubi image to perform secret validation

.chloggen/useubiforsecretvalidation.yaml

@@ -0,0 +1,12 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+# The name of the component, or a single word describing the area of concern, (e.g. agent, clusterReceiver, gateway, operator, chart, other)
+component: chart
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Offer to use the UBI image to perform secret validation
+# One or more tracking issues related to the change
+issues: [1635]
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

examples/secret-validation/rendered_manifests/secret-splunk-validation-hook.yaml

@@ -20,7 +20,7 @@ spec:
   restartPolicy: Never
   containers:
   - name: validate-secret
-    image: quay.io/signalfx/splunk-otel-collector:0.117.0
+    image: registry.access.redhat.com/ubi9/ubi
     imagePullPolicy: IfNotPresent
     command: ["sh", "-c"]
     args:

helm-charts/splunk-otel-collector/templates/_helpers.tpl

@@ -220,6 +220,13 @@ Create the patch-log-dirs image name.
 {{- printf "%s:%s" .Values.image.initPatchLogDirs.repository .Values.image.initPatchLogDirs.tag | trimSuffix ":" -}}
 {{- end -}}
 
+{{/*
+Create the validateSecret image name.
+*/}}
+{{- define "splunk-otel-collector.image.validateSecret" -}}
+{{- printf "%s:%s" .Values.image.initPatchLogDirs.repository .Values.image.initPatchLogDirs.tag | trimSuffix ":" -}}
+{{- end -}}
+
 {{/*
   This helper converts the input value of memory to MiB.
   Input needs to be a valid value as supported by k8s memory resource field.

helm-charts/splunk-otel-collector/templates/secret-splunk-validation-hook.yaml

@@ -15,8 +15,8 @@ spec:
   restartPolicy: Never
   containers:
   - name: validate-secret
-    image: {{ template "splunk-otel-collector.image.otelcol" . }}
-    imagePullPolicy: {{ .Values.image.otelcol.pullPolicy }}
+    image: {{ template "splunk-otel-collector.image.validateSecret" . }}
+    imagePullPolicy: {{ .Values.image.validateSecret.pullPolicy }}
     command: ["sh", "-c"]
     args:
       - if [ "{{ include "splunk-otel-collector.splunkO11yEnabled" . }}" = "true" ] && [ ! -f /otel/secret/splunk_observability_access_token ]; then

helm-charts/splunk-otel-collector/values.schema.json

@@ -1123,6 +1123,26 @@
               ]
             }
           }
+        },
+        "validateSecret": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "repository": {
+              "type": "string"
+            },
+            "tag": {
+              "type": "string"
+            },
+            "pullPolicy": {
+              "type": "string",
+              "enum": [
+                "IfNotPresent",
+                "Always",
+                "Never"
+              ]
+            }
+          }
         }
       }
     },

helm-charts/splunk-otel-collector/values.yaml

@@ -975,6 +975,16 @@ image:
     # The policy that specifies when the user wants the Universal Base images to be pulled
     pullPolicy: IfNotPresent
 
+  # Image to be used by init container to validate the secret presence ahead of starting the collector.
+  # Effective only if `secret.create` is set to false and `secret.validateSecret` is set to true (default).
+  validateSecret:
+    # The registry and name of the Universal Base Image 9 image to pull
+    repository: registry.access.redhat.com/ubi9/ubi
+    # The tag of the Universal Base Image 9, default value is latest
+    tag: ""
+    # The policy that specifies when the user wants the Universal Base images to be pulled
+    pullPolicy: IfNotPresent
+
 
 ################################################################################
 # Extra system configuration