Merge pull request #51 from qiujian16/sync-pull-secret

Sync pull secret
2026-05-16 06:08:40 +00:00 · 2020-07-10 18:54:32 +02:00
parent 7d8dab07e7 97d68162c2
commit 1408092ddc
5 changed files with 58 additions and 0 deletions
--- a/manifests/klusterlet/klusterlet-registration-serviceaccount.yaml
+++ b/manifests/klusterlet/klusterlet-registration-serviceaccount.yaml
@@ -3,3 +3,5 @@ kind: ServiceAccount
 metadata:
  name: {{ .KlusterletName }}-registration-sa
  namespace: {{ .KlusterletNamespace }}
+imagePullSecrets:
+- name: open-cluster-management-image-pull-credentials
--- a/manifests/klusterlet/klusterlet-work-serviceaccount.yaml
+++ b/manifests/klusterlet/klusterlet-work-serviceaccount.yaml
@@ -3,3 +3,5 @@ kind: ServiceAccount
 metadata:
  name: {{ .KlusterletName }}-work-sa
  namespace: {{ .KlusterletNamespace }}
+imagePullSecrets:
+- name: open-cluster-management-image-pull-credentials
--- a/pkg/operators/klusterlet/bindata/bindata.go
+++ b/pkg/operators/klusterlet/bindata/bindata.go
@@ -287,6 +287,8 @@ kind: ServiceAccount
 metadata:
  name: {{ .KlusterletName }}-registration-sa
  namespace: {{ .KlusterletNamespace }}
+imagePullSecrets:
+- name: open-cluster-management-image-pull-credentials
 `)

 func manifestsKlusterletKlusterletRegistrationServiceaccountYamlBytes() ([]byte, error) {
@@ -505,6 +507,8 @@ kind: ServiceAccount
 metadata:
  name: {{ .KlusterletName }}-work-sa
  namespace: {{ .KlusterletNamespace }}
+imagePullSecrets:
+- name: open-cluster-management-image-pull-credentials
 `)

 func manifestsKlusterletKlusterletWorkServiceaccountYamlBytes() ([]byte, error) {
--- a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
+++ b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
@@ -35,6 +35,7 @@ import (

 const (
 	klusterletFinalizer = "operator.open-cluster-management.io/klusterlet-cleanup"
+	imagePullSecret     = "open-cluster-management-image-pull-credentials"
 	klusterletApplied   = "Applied"
 )

@@ -182,6 +183,26 @@ func (n *klusterletController) sync(ctx context.Context, controllerContext facto
 		return err
 	}

+	// Symc pull secret
+	_, _, err = resourceapply.SyncSecret(
+		n.kubeClient.CoreV1(),
+		controllerContext.Recorder(),
+		n.operatorNamespace,
+		imagePullSecret,
+		config.KlusterletNamespace,
+		imagePullSecret,
+		[]metav1.OwnerReference{},
+	)
+
+	if err != nil {
+		helpers.UpdateKlusterletStatus(ctx, n.klusterletClient, klusterletName, helpers.UpdateKlusterletConditionFn(operatorapiv1.StatusCondition{
+			Type: klusterletApplied, Status: metav1.ConditionFalse, Reason: "KlusterletApplyFailed",
+			Message: fmt.Sprintf("Failed to sync image pull secret to namespace %q: %v", config.KlusterletNamespace, err),
+		}))
+
+		return err
+	}
+
 	errs := []error{}
 	// If kube version is less than 1.12, deploy static resource for kube 1.11 at first
 	// TODO remove this when we do not support kube 1.11 any longer
--- a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller_test.go
+++ b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller_test.go
@@ -423,6 +423,35 @@ func TestClusterNameChange(t *testing.T) {
 	ensureDeployments(t, controller.kubeClient.Actions(), "update", "https://localhost", "cluster3", "cluster3", 2)
 }

+func TestSyncWithPullSecret(t *testing.T) {
+	klusterlet := newKlusterlet("klusterlet", "testns", "cluster1")
+	bootStrapSecret := newSecret(helpers.BootstrapHubKubeConfigSecret, "testns")
+	hubKubeConfigSecret := newSecret(helpers.HubKubeConfigSecret, "testns")
+	hubKubeConfigSecret.Data["kubeconfig"] = []byte("dummuykubeconnfig")
+	namespace := newNamespace("testns")
+	pullSecret := newSecret(imagePullSecret, "open-cluster-management")
+	controller := newTestController(klusterlet, bootStrapSecret, hubKubeConfigSecret, namespace, pullSecret)
+	syncContext := testinghelper.NewFakeSyncContext(t, "klusterlet")
+
+	err := controller.controller.sync(nil, syncContext)
+	if err != nil {
+		t.Errorf("Expected non error when sync, %v", err)
+	}
+
+	var createdSecret *corev1.Secret
+	kubeActions := controller.kubeClient.Actions()
+	for _, action := range kubeActions {
+		if action.GetVerb() == "create" && action.GetResource().Resource == "secrets" {
+			createdSecret = action.(clienttesting.CreateActionImpl).Object.(*corev1.Secret)
+			break
+		}
+	}
+
+	if createdSecret == nil || createdSecret.Name != imagePullSecret {
+		t.Errorf("Failed to sync pull secret")
+	}
+}
+
 func TestDeployOnKube111(t *testing.T) {
 	klusterlet := newKlusterlet("klusterlet", "testns", "cluster1")
 	bootStrapSecret := newSecret(helpers.BootstrapHubKubeConfigSecret, "testns")