Allow a default to be set for imagePullSecrets on operator scope (#926)

coro · web-flow · commit 5f98b4304fbe · 2022-01-13T13:44:07.000Z
This change allows for the operator to set a configurable list of imagePullSecrets as the default to use on all Pods created in RabbitmqClusters. If a RabbitmqClusterSpec does not specify imagePullSecrets, the operator will use the value of the environment variable `DEFAULT_IMAGE_PULL_SECRETS` if set to update the RabbitmqClusterSpec. This closes #870
diff --git a/controllers/rabbitmqcluster_controller.go b/controllers/rabbitmqcluster_controller.go
@@ -66,6 +66,7 @@ type RabbitmqClusterReconciler struct {
 	PodExecutor             PodExecutor
 	DefaultRabbitmqImage    string
 	DefaultUserUpdaterImage string
+	DefaultImagePullSecrets string
 }
 
 // the rbac rule requires an empty row at the end to render
@@ -129,6 +130,21 @@ func (r *RabbitmqClusterReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		}
 	}
 
+	if rabbitmqCluster.Spec.ImagePullSecrets == nil {
+		for _, reference := range strings.Split(r.DefaultImagePullSecrets, ",") {
+			rabbitmqCluster.Spec.ImagePullSecrets = append(rabbitmqCluster.Spec.ImagePullSecrets, corev1.LocalObjectReference{Name: reference})
+		}
+		if err = r.Update(ctx, rabbitmqCluster); err != nil {
+			if k8serrors.IsConflict(err) {
+				logger.Info("failed to update image pull secrets because of conflict; requeueing...",
+					"namespace", rabbitmqCluster.Namespace,
+					"name", rabbitmqCluster.Name)
+				return ctrl.Result{RequeueAfter: 2 * time.Second}, nil
+			}
+			return ctrl.Result{}, err
+		}
+	}
+
 	if rabbitmqCluster.UsesDefaultUserUpdaterImage() {
 		rabbitmqCluster.Spec.SecretBackend.Vault.DefaultUserUpdaterImage = &r.DefaultUserUpdaterImage
 		if err = r.Update(ctx, rabbitmqCluster); err != nil {
diff --git a/controllers/rabbitmqcluster_controller_test.go b/controllers/rabbitmqcluster_controller_test.go
@@ -74,16 +74,32 @@ var _ = Describe("RabbitmqClusterController", func() {
 				Expect(fetchedCluster.Spec.Image).To(Equal(defaultRabbitmqImage))
 			})
 
+			var sts *appsv1.StatefulSet
 			By("creating a statefulset with default configurations", func() {
-				sts := statefulSet(ctx, cluster)
+				sts = statefulSet(ctx, cluster)
 
 				Expect(sts.Name).To(Equal(cluster.ChildResourceName("server")))
-				Expect(sts.Spec.Template.Spec.ImagePullSecrets).To(BeEmpty())
 
 				Expect(len(sts.Spec.VolumeClaimTemplates)).To(Equal(1))
 				Expect(sts.Spec.VolumeClaimTemplates[0].Spec.StorageClassName).To(BeNil())
 			})
 
+			By("setting the default imagePullSecrets", func() {
+				Expect(sts.Spec.Template.Spec.ImagePullSecrets).To(ConsistOf(
+					[]corev1.LocalObjectReference{
+						{
+							Name: "image-secret-1",
+						},
+						{
+							Name: "image-secret-2",
+						},
+						{
+							Name: "image-secret-3",
+						},
+					},
+				))
+			})
+
 			By("creating the server conf configmap", func() {
 				cfm := configMap(ctx, cluster, "server-conf")
 				Expect(cfm.Name).To(Equal(cluster.ChildResourceName("server-conf")))
diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -37,6 +37,7 @@ const (
 	controllerName          = "rabbitmqcluster-controller"
 	defaultRabbitmqImage    = "default-rabbit-image:stable"
 	defaultUserUpdaterImage = "default-UU-image:unstable"
+	defaultImagePullSecrets = "image-secret-1,image-secret-2,image-secret-3"
 )
 
 var (
@@ -94,6 +95,7 @@ var _ = BeforeSuite(func() {
 		PodExecutor:             fakeExecutor,
 		DefaultRabbitmqImage:    defaultRabbitmqImage,
 		DefaultUserUpdaterImage: defaultUserUpdaterImage,
+		DefaultImagePullSecrets: defaultImagePullSecrets,
 	}).SetupWithManager(mgr)
 	Expect(err).ToNot(HaveOccurred())
 
diff --git a/main.go b/main.go
@@ -47,6 +47,7 @@ func main() {
 		metricsAddr             string
 		defaultRabbitmqImage    = "rabbitmq:3.8.21-management"
 		defaultUserUpdaterImage = "rabbitmqoperator/default-user-credential-updater:1.0.0"
+		defaultImagePullSecrets = ""
 	)
 
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":9782", "The address the metric endpoint binds to.")
@@ -75,6 +76,10 @@ func main() {
 		defaultUserUpdaterImage = configuredDefaultUserUpdaterImage
 	}
 
+	if configuredDefaultImagePullSecrets, ok := os.LookupEnv("DEFAULT_IMAGE_PULL_SECRETS"); ok {
+		defaultImagePullSecrets = configuredDefaultImagePullSecrets
+	}
+
 	options := ctrl.Options{
 		Scheme:                  scheme,
 		MetricsBindAddress:      metricsAddr,
@@ -127,6 +132,7 @@ func main() {
 		PodExecutor:             controllers.NewPodExecutor(),
 		DefaultRabbitmqImage:    defaultRabbitmqImage,
 		DefaultUserUpdaterImage: defaultUserUpdaterImage,
+		DefaultImagePullSecrets: defaultImagePullSecrets,
 	}).SetupWithManager(mgr)
 	if err != nil {
 		log.Error(err, "unable to create controller", controllerName)
