Cleanup: Add new imagePullSecret field to CRD

tcrawley-xilinx · Thomas Crawley · commit db81820e1fd4 · 2024-02-02T16:51:09.000Z
diff --git a/api/v1alpha1/onload_types.go b/api/v1alpha1/onload_types.go
@@ -165,6 +165,13 @@ type Spec struct {
 	// ServiceAccountName is the name of the service account that the objects
 	// created by the Onload Operator will use.
 	ServiceAccountName string `json:"serviceAccountName"`
+
+	// +optional
+	// ImagePullSecret is an optional secret that gets used by the objects
+	// created by the operator when pulling images from container registries.
+	// Used by both the Modules (as the ImageRepoSecret field) and the Daemonset
+	// (as the ImagePullSecrets field) created by the container.
+	ImagePullSecret *v1.LocalObjectReference `json:"imagePullSecret,omitempty"`
 }
 
 // OnloadStatus defines the observed state of Onload
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/onload.amd.com_onloads.yaml b/config/crd/bases/onload.amd.com_onloads.yaml
@@ -91,6 +91,19 @@ spec:
                 x-kubernetes-validations:
                 - message: SetPreload and MountOnload mutually exclusive
                   rule: '!(self.setPreload && self.mountOnload)'
+              imagePullSecret:
+                description: ImagePullSecret is an optional secret that gets used
+                  by the objects created by the operator when pulling images from
+                  container registries. Used by both the Modules (as the ImageRepoSecret
+                  field) and the Daemonset (as the ImagePullSecrets field) created
+                  by the container.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
               onload:
                 description: Onload is the specification of the version of Onload
                   to be used by this CR
diff --git a/config/samples/onload/base/onload_v1alpha1_onload.yaml b/config/samples/onload/base/onload_v1alpha1_onload.yaml
@@ -53,6 +53,8 @@ spec:
   # ServiceAccountName is the name of the service account that the objects
   # created by the Onload Operator will use. Required.
   serviceAccountName: onload-operator-sa
+  # imagePullSecret:
+  #   name: secret-name
 
   # Selector defines the set of nodes that this Onload CR will run on. Required.
   selector:
diff --git a/controllers/onload_controller.go b/controllers/onload_controller.go
@@ -869,7 +869,8 @@ func createModule(
 					Version:         onload.Spec.Onload.Version,
 				},
 			},
-			Selector: onload.Spec.Selector,
+			ImageRepoSecret: onload.Spec.ImagePullSecret,
+			Selector:        onload.Spec.Selector,
 		},
 	}
 
@@ -1139,6 +1140,7 @@ func (r *OnloadReconciler) createDevicePluginDaemonSet(
 					Labels: dsPodLabels,
 				},
 				Spec: corev1.PodSpec{
+					ImagePullSecrets:   []corev1.LocalObjectReference{},
 					ServiceAccountName: onload.Spec.ServiceAccountName,
 					Containers: []corev1.Container{
 						devicePluginContainer,
@@ -1176,6 +1178,10 @@ func (r *OnloadReconciler) createDevicePluginDaemonSet(
 		},
 	}
 
+	if onload.Spec.ImagePullSecret != nil {
+		devicePlugin.Spec.Template.Spec.ImagePullSecrets = []corev1.LocalObjectReference{*onload.Spec.ImagePullSecret}
+	}
+
 	err = controllerutil.SetControllerReference(onload, devicePlugin, r.Scheme)
 	if err != nil {
 		log.Error(err, "Failed to set controller reference for Device Plugin")
diff --git a/controllers/onload_controller_test.go b/controllers/onload_controller_test.go
@@ -923,5 +923,26 @@ var _ = Describe("onload controller", func() {
 			),
 		)
 
+		It("should pass through imagepullsecret", func() {
+			devicePlugin := appsv1.DaemonSet{}
+			devicePluginName := types.NamespacedName{
+				Name:      onload.Name + "-onload-device-plugin-ds",
+				Namespace: onload.Namespace,
+			}
+
+			onload.Spec.ImagePullSecret = &corev1.LocalObjectReference{Name: "Steven"}
+			Expect(k8sClient.Create(ctx, onload)).To(BeNil())
+
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, devicePluginName, &devicePlugin)
+				return err == nil
+			}, timeout, pollingInterval).Should(BeTrue())
+
+			Expect(devicePlugin.Spec.Template.Spec.ImagePullSecrets).Should(
+				ContainElement(MatchFields(IgnoreExtras, Fields{
+					"Name": Equal("Steven"),
+				})),
+			)
+		})
 	})
 })
