feat(cleanup): support image pull secrets for cleanup pod (#527)

add image pull secret to cleanup job pod via env

Signed-off-by: Akhil Mohan <[email protected]>

changelogs/unreleased/493-RealHarshThakur

@@ -0,0 +1 @@
+upgrade CRDs to v1 and add openAPI validation

changelogs/unreleased/527-akhilerm

@@ -0,0 +1 @@
+add image pull secrets to cleanup job pod via environment variable

pkg/cleaner/config.go

@@ -16,7 +16,9 @@ limitations under the License.
 
 package cleaner
 
-import "os"
+import (
+	"os"
+)
 
 const (
 	// EnvCleanUpJobImage is the environment variable for getting the

pkg/cleaner/jobcontroller.go

@@ -26,6 +26,7 @@ import (
 	"github.com/openebs/node-disk-manager/blockdevice"
 	"github.com/openebs/node-disk-manager/cmd/ndm_daemonset/controller"
 	"github.com/openebs/node-disk-manager/pkg/apis/openebs/v1alpha1"
+	"github.com/openebs/node-disk-manager/pkg/env"
 	batchv1 "k8s.io/api/batch/v1"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -136,6 +137,7 @@ func NewCleanupJob(bd *v1alpha1.BlockDevice, volMode VolumeMode, tolerations []v
 	podSpec.ServiceAccountName = getServiceAccount()
 	podSpec.Containers = []v1.Container{jobContainer}
 	podSpec.NodeSelector = map[string]string{controller.KubernetesHostNameLabel: nodeName}
+	podSpec.ImagePullSecrets = env.GetOpenEBSImagePullSecrets()
 	podTemplate := v1.Pod{}
 	podTemplate.Spec = podSpec
 

pkg/env/env.go

@@ -18,6 +18,9 @@ package env
 
 import (
 	"os"
+	"strings"
+
+	v1 "k8s.io/api/core/v1"
 
 	"github.com/openebs/node-disk-manager/pkg/util"
 )
@@ -29,6 +32,9 @@ const (
 
 	// installCRDEnvDefaultValue is the default value for the INSTALL_CRD_ENV
 	installCRDEnvDefaultValue = true
+
+	// IMAGE_PULL_SECRETS_ENV is the environment variable used to pass the image pull secrets
+	IMAGE_PULL_SECRETS_ENV = "OPENEBS_IO_IMAGE_PULL_SECRETS"
 )
 
 // IsInstallCRDEnabled is used to check whether the CRDs need to be installed
@@ -42,3 +48,22 @@ func IsInstallCRDEnabled() bool {
 
 	return util.CheckTruthy(val)
 }
+
+// GetOpenEBSImagePullSecrets is used to get the image pull secrets from the environment variable
+func GetOpenEBSImagePullSecrets() []v1.LocalObjectReference {
+	secrets := strings.TrimSpace(os.Getenv(IMAGE_PULL_SECRETS_ENV))
+
+	list := make([]v1.LocalObjectReference, 0)
+
+	if len(secrets) == 0 {
+		return list
+	}
+	arr := strings.Split(secrets, ",")
+	for _, item := range arr {
+		if len(item) > 0 {
+			l := v1.LocalObjectReference{Name: strings.TrimSpace(item)}
+			list = append(list, l)
+		}
+	}
+	return list
+}

pkg/env/env_test.go

@@ -20,6 +20,8 @@ import (
 	"os"
 	"testing"
 
+	v1 "k8s.io/api/core/v1"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -58,3 +60,43 @@ func TestIsInstallCRDEnabled(t *testing.T) {
 		})
 	}
 }
+
+func TestGetOpenEBSImagePullSecrets(t *testing.T) {
+	tests := map[string]struct {
+		envValue string
+		secret   []v1.LocalObjectReference
+	}{
+		"empty variable": {
+			envValue: "",
+			secret:   []v1.LocalObjectReference{},
+		},
+		"single value": {
+			envValue: "image-pull-secret",
+			secret:   []v1.LocalObjectReference{{Name: "image-pull-secret"}},
+		},
+		"multiple value": {
+			envValue: "image-pull-secret,secret-1",
+			secret:   []v1.LocalObjectReference{{Name: "image-pull-secret"}, {Name: "secret-1"}},
+		},
+		"whitespaces": {
+			envValue: " ",
+			secret:   []v1.LocalObjectReference{},
+		},
+		"single value with whitespaces": {
+			envValue: " docker-secret ",
+			secret:   []v1.LocalObjectReference{{Name: "docker-secret"}},
+		},
+		"multiple value with whitespaces": {
+			envValue: " docker-secret, image-pull-secret ",
+			secret:   []v1.LocalObjectReference{{Name: "docker-secret"}, {Name: "image-pull-secret"}},
+		},
+	}
+	for name, tt := range tests {
+		t.Run(name, func(t *testing.T) {
+			os.Setenv(IMAGE_PULL_SECRETS_ENV, tt.envValue)
+			got := GetOpenEBSImagePullSecrets()
+			assert.Equal(t, tt.secret, got)
+			os.Unsetenv(IMAGE_PULL_SECRETS_ENV)
+		})
+	}
+}