#42 Add imagePullSecrets to ParseDefinition and ScanCompletionHooks

J12934 · jorgestiga · J12934 · commit ce58e04ccad7 · 2020-06-30T11:45:23.000+02:00
Co-authored-by: Jorge Estrigarribia &lt;jorge.estigarribia@iteratec.com&gt;
diff --git a/operator/apis/execution/v1/parsedefinition_types.go b/operator/apis/execution/v1/parsedefinition_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -29,8 +30,9 @@ type ParseDefinitionSpec struct {
 	// Important: Run "make" to regenerate code after modifying this file
 
 	// Foo is an example field of ParseDefinition. Edit ParseDefinition_types.go to remove/update
-	HandlesResultsType string `json:"handlesResultsType,omitempty"`
-	Image              string `json:"image,omitempty"`
+	HandlesResultsType string                        `json:"handlesResultsType,omitempty"`
+	Image              string                        `json:"image,omitempty"`
+	ImagePullSecrets   []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 }
 
 // ParseDefinitionStatus defines the observed state of ParseDefinition
diff --git a/operator/apis/execution/v1/scancompletionhook.go b/operator/apis/execution/v1/scancompletionhook.go
@@ -40,9 +40,10 @@ type ScanCompletionHookSpec struct {
 	// Important: Run "make" to regenerate code after modifying this file
 
 	// Image is the container image for the hooks kubernetes job
-	Image string          `json:"image,omitempty"`
-	Env   []corev1.EnvVar `json:"env,omitempty"`
-	Type  HookType        `json:"type"`
+	Image            string                        `json:"image,omitempty"`
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+	Env              []corev1.EnvVar               `json:"env,omitempty"`
+	Type             HookType                      `json:"type"`
 }
 
 // ScanCompletionHookStatus defines the observed state of ScanCompletionHook
diff --git a/operator/apis/execution/v1/zz_generated.deepcopy.go b/operator/apis/execution/v1/zz_generated.deepcopy.go
diff --git a/operator/config/crd/bases/execution.experimental.securecodebox.io_parsedefinitions.yaml b/operator/config/crd/bases/execution.experimental.securecodebox.io_parsedefinitions.yaml
@@ -50,6 +50,17 @@ spec:
               type: string
             image:
               type: string
+            imagePullSecrets:
+              items:
+                description: LocalObjectReference contains enough information to let
+                  you locate the referenced object inside the same namespace.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+              type: array
           type: object
         status:
           description: ParseDefinitionStatus defines the observed state of ParseDefinition
diff --git a/operator/config/crd/bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml b/operator/config/crd/bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml
@@ -145,6 +145,17 @@ spec:
             image:
               description: Image is the container image for the hooks kubernetes job
               type: string
+            imagePullSecrets:
+              items:
+                description: LocalObjectReference contains enough information to let
+                  you locate the referenced object inside the same namespace.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+              type: array
             type:
               description: HookType Defines weather the hook should be able to change
                 the findings or is run in a read only mode.
diff --git a/operator/controllers/execution/scan_controller.go b/operator/controllers/execution/scan_controller.go
@@ -416,6 +416,7 @@ func (r *ScanReconciler) startParser(scan *executionv1.Scan) error {
 				Spec: corev1.PodSpec{
 					RestartPolicy:      corev1.RestartPolicyNever,
 					ServiceAccountName: "parser",
+					ImagePullSecrets:   parseDefinition.Spec.ImagePullSecrets,
 					Containers: []corev1.Container{
 						{
 							Name:  "parser",
@@ -1022,6 +1023,7 @@ func (r *ScanReconciler) createJobForHook(hook *executionv1.ScanCompletionHook,
 				Spec: corev1.PodSpec{
 					ServiceAccountName: serviceAccountName,
 					RestartPolicy:      corev1.RestartPolicyNever,
+					ImagePullSecrets:   hook.Spec.ImagePullSecrets,
 					Containers: []corev1.Container{
 						{
 							Name:            "hook",
diff --git a/operator/crds/execution.experimental.securecodebox.io_parsedefinitions.yaml b/operator/crds/execution.experimental.securecodebox.io_parsedefinitions.yaml
@@ -50,6 +50,17 @@ spec:
               type: string
             image:
               type: string
+            imagePullSecrets:
+              items:
+                description: LocalObjectReference contains enough information to let
+                  you locate the referenced object inside the same namespace.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+              type: array
           type: object
         status:
           description: ParseDefinitionStatus defines the observed state of ParseDefinition
diff --git a/operator/crds/execution.experimental.securecodebox.io_scancompletionhooks.yaml b/operator/crds/execution.experimental.securecodebox.io_scancompletionhooks.yaml
@@ -145,6 +145,17 @@ spec:
             image:
               description: Image is the container image for the hooks kubernetes job
               type: string
+            imagePullSecrets:
+              items:
+                description: LocalObjectReference contains enough information to let
+                  you locate the referenced object inside the same namespace.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+              type: array
             type:
               description: HookType Defines weather the hook should be able to change
                 the findings or is run in a read only mode.
