[cluster] support image pull secrets (#160)

m3db · Jul 8, 2019 · 40eadeb · 40eadeb
1 parent 7fb1ab2
commit 40eadeb
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 1 deletion.
diff --git a/docs/api.md b/docs/api.md
@@ -53,6 +53,7 @@ ClusterSpec defines the desired state for a M3 cluster to be converge to.
 | dataDirVolumeClaimTemplate | DataDirVolumeClaimTemplate is the volume claim template for an M3DB instance's data. It claims PersistentVolumes for cluster storage, volumes are dynamically provisioned by when the StorageClass is defined. | *[corev1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#persistentvolumeclaim-v1-core) | false |
 | podSecurityContext | PodSecurityContext allows the user to specify an optional security context for pods. | *corev1.PodSecurityContext | false |
 | securityContext | SecurityContext allows the user to specify a container-level security context. | *corev1.SecurityContext | false |
+| imagePullSecrets | ImagePullSecrets will be added to every pod. | [][corev1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#localobjectreference-v1-core) | false |
 | labels | Labels sets the base labels that will be applied to resources created by the cluster. // TODO(schallert): design doc on labeling scheme. | map[string]string | false |
 | annotations | Annotations sets the base annotations that will be applied to resources created by the cluster. | map[string]string | false |
 | tolerations | Tolerations sets the tolerations that will be applied to all M3DB pods. | []corev1.Toleration | false |

diff --git a/pkg/apis/m3dboperator/v1alpha1/cluster.go b/pkg/apis/m3dboperator/v1alpha1/cluster.go
@@ -234,6 +234,9 @@ type ClusterSpec struct {
 	// context.
 	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
 
+	// ImagePullSecrets will be added to every pod.
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
 	// Labels sets the base labels that will be applied to resources created by
 	// the cluster. // TODO(schallert): design doc on labeling scheme.
 	Labels map[string]string `json:"labels,omitempty"`

diff --git a/pkg/apis/m3dboperator/v1alpha1/openapi_generated.go b/pkg/apis/m3dboperator/v1alpha1/openapi_generated.go
diff --git a/pkg/apis/m3dboperator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/m3dboperator/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/k8sops/fixtures/testM3DBCluster.yaml b/pkg/k8sops/fixtures/testM3DBCluster.yaml
@@ -9,6 +9,8 @@ spec:
   replicationFactor: 3
   numberOfShards: 8
   enableCarbonIngester: true
+  imagePullSecrets:
+  - name: secret1
   isolationGroups:
     - name: us-fake1-a
       numInstances: 1

diff --git a/pkg/k8sops/generators_test.go b/pkg/k8sops/generators_test.go
@@ -146,6 +146,9 @@ func TestGenerateStatefulSet(t *testing.T) {
 					SecurityContext: &v1.PodSecurityContext{
 						FSGroup: pointer.Int64Ptr(10),
 					},
+					ImagePullSecrets: []v1.LocalObjectReference{
+						{Name: "secret1"},
+					},
 					Affinity: &v1.Affinity{
 						NodeAffinity: &v1.NodeAffinity{
 							RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{

diff --git a/pkg/k8sops/statefulset.go b/pkg/k8sops/statefulset.go
@@ -113,6 +113,7 @@ func NewBaseStatefulSet(ssName, isolationGroup string, cluster *myspec.M3DBClust
 				Spec: v1.PodSpec{
 					PriorityClassName: cluster.Spec.PriorityClassName,
 					SecurityContext:   cluster.Spec.PodSecurityContext,
+					ImagePullSecrets:  cluster.Spec.ImagePullSecrets,
 					Containers: []v1.Container{
 						{
 							Name:            ssName,