[Feat] Add imagePullSecrets support for router and cache-server deplo…

[HanFa]

…yment.

FIX #761

Now all types of containers should be able to pull from a private image repository.

BEFORE SUBMITTING, PLEASE READ THE CHECKLIST BELOW AND FILL IN THE DESCRIPTION ABOVE

---

• Make sure the code changes pass the pre-commit checks.
• Sign-off your commit by using -s when doing git commit
• Try to classify PRs for easy understanding of the type of changes, such as [Bugfix], [Feat], and [CI].

Detailed Checklist (Click to Expand)

Thank you for your contribution to production-stack! Before submitting the pull request, please ensure the PR meets the following criteria. This helps us maintain the code quality and improve the efficiency of the review process.

PR Title and Classification

Please try to classify PRs for easy understanding of the type of changes. The PR title is prefixed appropriately to indicate the type of change. Please use one of the following:

• [Bugfix] for bug fixes.
• [CI/Build] for build or continuous integration improvements.
• [Doc] for documentation fixes and improvements.
• [Feat] for new features in the cluster (e.g., autoscaling, disaggregated prefill, etc.).
• [Router] for changes to the vllm_router (e.g., routing algorithm, router observability, etc.).
• [Misc] for PRs that do not fit the above categories. Please use this sparingly.

Note: If the PR spans more than one category, please include all relevant prefixes.

Code Quality

The PR need to meet the following code quality standards:

• Pass all linter checks. Please use pre-commit to format your code. See README.md for installation.
• The code need to be well-documented to ensure future contributors can easily understand the code.
• Please include sufficient tests to ensure the change is stay correct and robust. This includes both unit tests and integration tests.

DCO and Signed-off-by

When contributing changes to this project, you must agree to the DCO. Commits must include a Signed-off-by: header which certifies agreement with the terms of the DCO.

Using -s with git commit will automatically add this header.

What to Expect for the Reviews

We aim to address all PRs in a timely manner. If no one reviews your PR within 5 days, please @-mention one of YuhanLiu11
, Shaoting-Feng or ApostaC.

[gemini-code-assist]

Summary of Changes

Hello @HanFa, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Helm chart's flexibility by introducing comprehensive support for imagePullSecrets. This allows users to specify Kubernetes secrets for pulling container images from private registries for various components, including the router, cache server, serving engine models, Lora controller, and Ray cluster. The changes involve updating Helm templates, schema definitions, documentation, and adding thorough test coverage to ensure proper functionality.

Highlights

• Expanded imagePullSecrets Support: Introduced the capability to specify imagePullSecrets for various components, including the router, cache server, serving engine models, Lora controller, and Ray cluster, enabling deployments from private container registries.
• Helm Chart Integration: Modified Helm chart templates (deployment-router.yaml, deployment-cache-server.yaml) to dynamically apply imagePullSecrets based on the provided values.yaml configuration.
• Schema and Documentation Updates: Updated helm/values.schema.json and helm/README.md to reflect the new imagePullSecrets parameters and their usage, ensuring clear configuration guidance.
• Comprehensive Testing: Added a new test file (helm/tests/imagePullSecrets_test.yaml) with extensive test cases to validate the correct application of imagePullSecrets across all supported components.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds support for imagePullSecrets to the router and cache-server deployments, allowing images to be pulled from private container registries. The changes include updates to Helm templates, values.yaml, values.schema.json, and the README.md. New tests have also been added to verify the functionality for multiple components.

My review focuses on improving documentation consistency and test robustness. I've pointed out an inconsistency in the cacheserverSpec documentation and suggested a more consistent structure for image-related properties. I've also recommended strengthening the assertions in the new test file to ensure they are more comprehensive.

[gemini-code-assist]

This new parameter cacheserverSpec.imagePullSecrets is being added at the top level of cacheserverSpec, while other image-related parameters like repository are documented as being under an image object. However, the implementation in helm/templates/deployment-cache-server.yaml actually uses flat properties (e.g., .Values.cacheserverSpec.repository), which makes the existing documentation for image.repository incorrect. Also, imagePullPolicy is hardcoded in the template and not configurable as the README suggests.

To improve consistency and clarity, it would be best to refactor all image-related properties for cacheserverSpec to be under an image object, including this new imagePullSecrets parameter. This would also be a good opportunity to fix the incorrect documentation for the other image parameters.

[gemini-code-assist]

The assertions in this test case could be more robust. Instead of checking just the name of the first secret with path: spec.template.spec.imagePullSecrets[0].name, it would be better to assert the entire imagePullSecrets list. This ensures the structure is exactly as expected and would catch issues if more properties were added to the secret reference in the future.

For example, the assertion for the router could be:

- template: deployment-router.yaml
  equal:
    path: spec.template.spec.imagePullSecrets
    value:
      - name: router-secret

This is similar to how the individual component tests are structured earlier in this file.

[zerofishnoodles]

LGTM