added support for image pull secrets (#24)

* added support for image pull secrets * specify a single image pull secret * added pullSecret to example
flux-framework · Sep 17, 2022 · 6d39143 · 6d39143
1 parent 2d7290d
commit 6d39143
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 5 deletions.
diff --git a/api/v1alpha1/minicluster_types.go b/api/v1alpha1/minicluster_types.go
@@ -56,6 +56,14 @@ type MiniClusterSpec struct {
 	// +optional
 	PullAlways bool `json:"pullAlways"`
 
+	// Allow the user to pull authenticated images
+	// By default no secret is selected. Setting
+	// this with the name of an already existing
+	// imagePullSecret will specify that secret
+	// in the pod spec.
+	// +optional
+	ImagePullSecret string `json:"imagePullSecret"`
+
 	// Single user executable to provide to flux start
 	// +optional
 	Command string `json:"command"`

diff --git a/config/samples/flux-framework.org_v1alpha1_minicluster.yaml b/config/samples/flux-framework.org_v1alpha1_minicluster.yaml
@@ -18,4 +18,6 @@ spec:
   # That makes it easy for you to shell into the pod to look around
   diagnostics: false
   # Deadline in seconds, if not set there is no deadline
-  # deadlineSeconds: 100
+  # deadlineSeconds: 100
+  # Name of an already created ImagePullSecret for the image specfied above
+  # imagePullSecret: flux-image-secret
diff --git a/controllers/flux/job.go b/controllers/flux/job.go
@@ -56,10 +56,11 @@ func (r *MiniClusterReconciler) newMiniClusterJob(cluster *api.MiniCluster) *bat
 					Labels: map[string]string{"name": cluster.Name, "namespace": cluster.Namespace, "job": cluster.Name},
 				},
 				Spec: corev1.PodSpec{
-					Subdomain:     cluster.Name,
-					Volumes:       getVolumes(cluster),
-					Containers:    containers,
-					RestartPolicy: corev1.RestartPolicyOnFailure,
+					Subdomain:        cluster.Name,
+					Volumes:          getVolumes(cluster),
+					Containers:       containers,
+					RestartPolicy:    corev1.RestartPolicyOnFailure,
+					ImagePullSecrets: getImagePullSecret(cluster),
 				}},
 		},
 	}
@@ -93,3 +94,13 @@ func (r *MiniClusterReconciler) getMiniClusterContainers(cluster *api.MiniCluste
 	}
 	return containers
 }
+
+// Function to return list of objects references for
+// imagePullSecrets. Current Spec only allows for a
+// single secret to be used. 
+func getImagePullSecret(cluster *api.MiniCluster) []corev1.LocalObjectReference {
+	pullSecrets := []corev1.LocalObjectReference{
+		corev1.LocalObjectReference{Name: cluster.Spec.ImagePullSecret},
+	}
+	return pullSecrets
+}