diff --git a/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec.go b/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec.go index 6cfef7c..647c378 100644 --- a/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec.go +++ b/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec.go @@ -254,6 +254,20 @@ func (b *Builder) WithServiceAccountName(serviceAccountnNme string) *Builder { return b } +// WithImagePullSecret adds a new secret to the ImagePullSecrets field of podtemplatespec +func (b *Builder) WithImagePullSecret(imagePullSecretName string) *Builder { + if len(imagePullSecretName) != 0 { + b.podtemplatespec.Object.Spec.ImagePullSecrets = append( + b.podtemplatespec.Object.Spec.ImagePullSecrets, + corev1.LocalObjectReference{ + Name: imagePullSecretName, + }, + ) + } + + return b +} + // WithAffinity sets the affinity field of podtemplatespec func (b *Builder) WithAffinity(affinity *corev1.Affinity) *Builder { if affinity == nil { diff --git a/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec_test.go b/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec_test.go index 021223c..45034ce 100644 --- a/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec_test.go +++ b/pkg/kubernetes/api/core/v1/podtemplatespec/podtemplatespec_test.go @@ -419,3 +419,38 @@ func TestBuilderWithTolerationsNew(t *testing.T) { }) } } + +func TestBuildWithImagePullSecret(t *testing.T) { + tests := map[string]struct { + imagePullSecret string + builder *Builder + expectErr bool + }{ + "Test Builder with image pull secret": { + imagePullSecret: "mysecret", + builder: &Builder{podtemplatespec: &PodTemplateSpec{ + Object: &corev1.PodTemplateSpec{}, + }}, + expectErr: false, + }, + "Test Builder without image pull secret": { + imagePullSecret: "", + builder: &Builder{podtemplatespec: &PodTemplateSpec{ + Object: &corev1.PodTemplateSpec{}, + }}, + expectErr: false, + }, + } + for name, mock := range tests { + name, mock := name, mock + t.Run(name, func(t *testing.T) { + b := mock.builder.WithImagePullSecret(mock.imagePullSecret) + if mock.expectErr && len(b.errs) == 0 { + t.Fatalf("Test %q failed: expected error not to be nil", name) + } + if !mock.expectErr && len(b.errs) > 0 { + t.Fatalf("Test %q failed: expected error to be nil", name) + } + }) + } +} diff --git a/provisioner/env.go b/provisioner/env.go index 9b9f683..9fcf767 100644 --- a/provisioner/env.go +++ b/provisioner/env.go @@ -57,6 +57,9 @@ const ( // NFSBackendPvcTimeout defines env name to store BackendPvcBoundTimeout value NFSBackendPvcTimeout menv.ENVKey = "OPENEBS_IO_NFS_SERVER_BACKEND_PVC_TIMEOUT" + + // NFSServerImagePullSecret defines the env name to store the name of the image pull secret + NFSServerImagePullSecret menv.ENVKey = "OPENEBS_IO_NFS_SERVER_IMAGE_PULL_SECRET" ) var ( @@ -101,3 +104,7 @@ func getNfsServerNodeAffinity() string { func getBackendPvcTimeout() string { return menv.Get(NFSBackendPvcTimeout) } + +func getNfsServerImagePullSecret() string { + return menv.GetOrDefault(NFSServerImagePullSecret, "") +} diff --git a/provisioner/helper_kernel_nfs_server.go b/provisioner/helper_kernel_nfs_server.go index ed29db1..a514811 100644 --- a/provisioner/helper_kernel_nfs_server.go +++ b/provisioner/helper_kernel_nfs_server.go @@ -250,6 +250,7 @@ func (p *Provisioner) createDeployment(nfsServerOpts *KernelNFSServerOptions) er FSGroup: nfsServerOpts.fsGroup, }). WithNodeAffinityMatchExpressions(p.nodeAffinity.MatchExpressions). + WithImagePullSecret(getNfsServerImagePullSecret()). WithContainerBuildersNew( container.NewBuilder(). WithName("nfs-server").