From 13c6a4abd4612ae0d19c203c809b088acad001af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ey=C3=BE=C3=B3r=20Magn=C3=BAsson?= Date: Wed, 22 Jan 2025 19:37:08 +0100 Subject: [PATCH] fix(k8s): ensure image pull secret is always created for K8s Deploy This fixes an issue were in some (edge) cases the image pull secret is created in the target namespace is using the `kubernetes` Deploy type. I say edge case because the image pull secret is usually ensured in other code paths, e.g. when initialising in-cluster builders and as AFAICT this only happens if using the cloud builder in the k8s Deploy type. The operation is idempotent so calling it again here should be fine. TODO @myself: I want to refactor this flow a little bit in a follow up commit but wanted to get the fix out the way first. --- core/src/plugins/kubernetes/kubernetes-type/handlers.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/src/plugins/kubernetes/kubernetes-type/handlers.ts b/core/src/plugins/kubernetes/kubernetes-type/handlers.ts index ac421fe4dd..a97a4c3369 100644 --- a/core/src/plugins/kubernetes/kubernetes-type/handlers.ts +++ b/core/src/plugins/kubernetes/kubernetes-type/handlers.ts @@ -40,6 +40,7 @@ import type { ActionMode, Resolved } from "../../../actions/types.js" import { deployStateToActionState } from "../../../plugin/handlers/Deploy/get-status.js" import type { ResolvedDeployAction } from "../../../actions/deploy.js" import { isSha256 } from "../../../util/hashing.js" +import { prepareSecrets } from "../secrets.js" export const kubernetesHandlers: Partial> = { configure: configureKubernetesModule, @@ -365,6 +366,10 @@ export const kubernetesDeploy: DeployActionHandler<"deploy", KubernetesDeployAct const manifests = await getManifests({ ctx, api, log, action, defaultNamespace: namespace }) + // Ensure secrets are created in the target namespace + const secrets = [...provider.config.copySecrets, ...provider.config.imagePullSecrets] + await prepareSecrets({ api, namespace, secrets, log }) + // We separate out manifests for namespace resources, since we don't want to apply a prune selector // when applying them. const [namespaceManifests, otherManifests] = partition(manifests, (m) => m.kind === "Namespace")