Skip to content

Commit

Permalink
Support multiple ImagePullSecrets (#575)
Browse files Browse the repository at this point in the history 
* Support multiple ImagePullSecrets

* add length check
  • Loading branch information
@chunter0
chunter0 authored Jul 31, 2024
1 parent 1583cb7 commit 80d0264
Show file tree
Hide file tree
Showing 23 changed files with 511 additions and 70 deletions.
6 changes: 6 additions & 0 deletions changelog/v0.40.5/image-pull-secrets.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
changelog:
- type: FIX
issueLink: https://github.com/solo-io/skv2/issues/574
description: >
Add support for multiple ImagePullSecret references
skipCI: "false"
142 changes: 132 additions & 10 deletions codegen/cmd_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@ package codegen_test
import (
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"os"
"os/exec"
"path/filepath"
Expand Down Expand Up @@ -41,6 +43,125 @@ var _ = Describe("Cmd", func() {
skv2Imports.External["github.com/solo-io/cue"] = []string{
"encoding/protobuf/cue/cue.proto",
}

Describe("image pull secrets", Ordered, func() {
BeforeAll(func() {
cmd := &Command{
Chart: &Chart{
Data: Data{
ApiVersion: "v1",
Description: "",
Name: "Painting Operator",
Version: "v0.0.1",
Home: "https://docs.solo.io/skv2/latest",
Sources: []string{
"https://github.com/solo-io/skv2",
},
},
Operators: []Operator{{
Name: "painter",
Deployment: Deployment{
Container: Container{
Image: Image{
Tag: "v0.0.0",
Repository: "painter",
Registry: "quay.io/solo-io",
PullPolicy: "IfNotPresent",
},
},
},
Values: map[string]any{
"imagePullSecrets": []v1.LocalObjectReference{},
},
}},
},
ManifestRoot: "codegen/test/chart/image-pull-secrets",
}
Expect(cmd.Execute()).NotTo(HaveOccurred(), "failed to execute command")
})
DescribeTable(
"using",
func(values any, shouldBeEmpty bool, expected ...v1.LocalObjectReference) {
manifests := helmTemplate("./test/chart/image-pull-secrets", values)

var (
renderedDeployment *appsv1.Deployment
decoder = kubeyaml.NewYAMLOrJSONDecoder(bytes.NewBuffer(manifests), 4096)
)
for {
var deployment appsv1.Deployment
if err := decoder.Decode(&deployment); errors.Is(err, io.EOF) {
break
}

if deployment.GetName() == "painter" && deployment.Kind == "Deployment" {
renderedDeployment = &deployment
break
}
}
Expect(renderedDeployment).NotTo(BeNil())
if shouldBeEmpty {
Expect(renderedDeployment.Spec.Template.Spec.ImagePullSecrets).To(BeEmpty())
return
}

Expect(renderedDeployment.Spec.Template.Spec.ImagePullSecrets).To(ContainElements(expected))
},
Entry(
"empty",
map[string]any{
"painter": map[string]any{
"enabled": true,
},
},
true,
nil,
),
Entry(
"legacy pullSecret field",
map[string]any{
"painter": map[string]any{
"enabled": true,
"image": map[string]any{
"pullSecret": "a-registry",
},
},
},
false,
v1.LocalObjectReference{Name: "a-registry"},
),
Entry(
"imagePullSecrets field",
map[string]any{
"painter": map[string]any{
"enabled": true,
"imagePullSecrets": []v1.LocalObjectReference{{
Name: "b-registry",
}},
},
},
false,
v1.LocalObjectReference{Name: "b-registry"},
),
Entry(
"imagePullSecrets field with legacy",
map[string]any{
"painter": map[string]any{
"enabled": true,
"image": map[string]any{
"pullSecret": "a-registry",
},
"imagePullSecrets": []v1.LocalObjectReference{{
Name: "b-registry",
}},
},
},
false,
v1.LocalObjectReference{Name: "a-registry"}, v1.LocalObjectReference{Name: "b-registry"},
),
)
})

It("env variable priority", func() {
cmd := &Command{
Chart: &Chart{
Expand All @@ -58,7 +179,7 @@ var _ = Describe("Cmd", func() {
Name: "painter",
Deployment: Deployment{
Container: Container{
Image: Image{Repository: "painter", Tag: "v0.0.1"},
Image: Image{Repository: "painter", Registry: "gcr.io/painter", Tag: "v0.0.1"},
Env: []v1.EnvVar{{Name: "ENV_VAR", Value: "default"}},
TemplateEnvVars: []TemplateEnvVar{
{
Expand Down Expand Up @@ -3156,18 +3277,19 @@ func helmTemplate(path string, values interface{}) []byte {

defer os.RemoveAll(helmValuesFile.Name())

cc := exec.Command("helm", "template",
args := []string{
"template",
path,
"--values", helmValuesFile.Name(),
)
out, err := cc.CombinedOutput()
defer func(e error) {
if e == nil {
return
}
fmt.Printf("[Cameron]: failed to run %s\n", cc.String())
}(err)
}

if os.Getenv("HELM_DEBUG") != "" {
args = append(args, "--debug")
}

cc := exec.Command("helm", args...)

out, err := cc.CombinedOutput()
ExpectWithOffset(0, err).NotTo(HaveOccurred(), string(out))
return out
}
Expand Down
1 change: 1 addition & 0 deletions codegen/model/chart.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,7 @@ type Deployment struct {
CustomPodAnnotations map[string]string
CustomDeploymentLabels map[string]string
CustomDeploymentAnnotations map[string]string
ImagePullSecrets []corev1.LocalObjectReference
}

type ConditionalStrategy struct {
Expand Down
14 changes: 10 additions & 4 deletions codegen/templates/chart/operator-deployment.yamltmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,10 +241,16 @@ spec:
{{- end }}
[[- end ]]
[[- end ]]
{{- if $[[ $operatorVar ]]Image.pullSecret }}
imagePullSecrets:
- name: {{ $[[ $operatorVar ]]Image.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $[[ $operatorVar ]]Image.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $[[ $operatorVar ]]Image.pullSecret)) -}}
{{- end }}
{{- if $[[ $operatorVar ]].imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $[[ $operatorVar ]].imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "[[ $operator.Name ]].deploymentSpec" */}}

{{/* Render [[ $operator.Name ]] deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-conditional-deployment-strategy/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,10 +88,16 @@ spec:
drop:
- ALL
{{- end }}
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-deployment-strategy/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,10 +84,16 @@ spec:
drop:
- ALL
{{- end }}
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-envvars/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,10 +80,16 @@ spec:
drop:
- ALL
{{- end }}
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-no-desc/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,10 +152,16 @@ spec:
port: 8080
initialDelaySeconds: 30
periodSeconds: 60
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-pod-security-context/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,10 +83,16 @@ spec:
drop:
- ALL
{{- end }}
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-readiness/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,10 +87,16 @@ spec:
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 10
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-sidecar-svcport/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,10 +127,16 @@ spec:
- ALL
{{- end }}
{{- end }}
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-sidecar/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,10 +125,16 @@ spec:
drop:
- ALL
{{- end }}
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
14 changes: 10 additions & 4 deletions codegen/test/chart-svcport/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,10 +80,16 @@ spec:
drop:
- ALL
{{- end }}
{{- if $painterImage.pullSecret }}
imagePullSecrets:
- name: {{ $painterImage.pullSecret }}
{{- end}}
{{- $pullSecrets := (list) -}}
{{- if $painterImage.pullSecret }}
{{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}}
{{- end }}
{{- if $painter.imagePullSecrets }}
{{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}}
{{- end }}
{{- if gt (len $pullSecrets) 0 -}}
{{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }}
{{- end }}
{{- end }} {{/* define "painter.deploymentSpec" */}}

{{/* Render painter deployment template with overrides from values*/}}
Expand Down
Loading

0 comments on commit 80d0264

Please sign in to comment.