From 76ced78871a208e1a9925fc3eae69e3d611aca26 Mon Sep 17 00:00:00 2001
From: Mike Baum <michael.baum@gmail.com>
Date: Sat, 18 May 2024 11:12:14 -0400
Subject: [PATCH] add ImagePullSecret property for setting an image pull secret
 if needed (#21)

Signed-off-by: Mike Baum <michael.baum@gmail.com>
---
 api/v1alpha1/pipeline_types.go                |  4 +
 .../bases/captain.benthos.dev_pipelines.yaml  |  7 +-
 internal/pkg/resource/resource.go             | 78 ++++++++++---------
 3 files changed, 53 insertions(+), 36 deletions(-)

diff --git a/api/v1alpha1/pipeline_types.go b/api/v1alpha1/pipeline_types.go
index a2964d1..13cb5f4 100644
--- a/api/v1alpha1/pipeline_types.go
+++ b/api/v1alpha1/pipeline_types.go
@@ -27,6 +27,10 @@ type PipelineSpec struct {
 	// +optional
 	Image string `json:"image,omitempty"`
 
+	// ImagePullSecret is an optional reference to a secret in the same namespace to use for pulling the image used by
+	// the benthos Pod. Similar to ImagePullSecrets, see v1.PodSpec#ImagePullSecrets.
+	ImagePullSecret string `json:"imagePullSecret,omitempty"`
+
 	// ConfigFiles Additional configuration, as Key/Value pairs, that will be mounted as files with the /config
 	// directory on the pod. The key should be the file name and the value should be its content.
 	ConfigFiles map[string]string `json:"configFiles,omitempty"`
diff --git a/config/crd/bases/captain.benthos.dev_pipelines.yaml b/config/crd/bases/captain.benthos.dev_pipelines.yaml
index 745805f..447bf3c 100644
--- a/config/crd/bases/captain.benthos.dev_pipelines.yaml
+++ b/config/crd/bases/captain.benthos.dev_pipelines.yaml
@@ -71,7 +71,7 @@ spec:
                   directory on the pod. The key should be the file name and the value should be its content.
                 type: object
               env:
-                description: Env Environment Variable to set in the benthos pipeline
+                description: Env Environment Variables to set in the benthos pipeline
                   pod.
                 items:
                   description: EnvVar represents an environment variable present in
@@ -187,6 +187,11 @@ spec:
                 description: Image defines the image and tag to use for the Benthos
                   deployment.
                 type: string
+              imagePullSecret:
+                description: |-
+                  ImagePullSecret is an optional reference to a secret in the same namespace to use for pulling the image used by
+                  the benthos Pod. Similar to ImagePullSecrets, see v1.PodSpec#ImagePullSecrets.
+                type: string
               replicas:
                 description: Replicas defines the amount of replicas to create for
                   the Benthos deployment.
diff --git a/internal/pkg/resource/resource.go b/internal/pkg/resource/resource.go
index cbaba9b..2d7d3f3 100644
--- a/internal/pkg/resource/resource.go
+++ b/internal/pkg/resource/resource.go
@@ -20,6 +20,48 @@ func NewDeployment(name string, namespace string, scope captainv1.PipelineSpec)
 		image = scope.Image
 	}
 
+	podSpec := corev1.PodSpec{
+		Containers: []corev1.Container{{
+			Image:           image,
+			ImagePullPolicy: corev1.PullAlways,
+			Name:            "benthos",
+			Ports: []corev1.ContainerPort{{
+				ContainerPort: 4195,
+				Name:          "http",
+			}},
+			Args: []string{
+				"-c",
+				"/config/benthos.yaml",
+			},
+			VolumeMounts: []corev1.VolumeMount{
+				{
+					Name:      "config",
+					MountPath: "/config",
+					ReadOnly:  true,
+				},
+			},
+			Env: scope.Env,
+		}},
+		Volumes: []corev1.Volume{
+			{
+				Name: "config",
+				VolumeSource: corev1.VolumeSource{
+					ConfigMap: &corev1.ConfigMapVolumeSource{
+						LocalObjectReference: corev1.LocalObjectReference{
+							Name: "benthos-" + name,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	if scope.ImagePullSecret != "" {
+		podSpec.ImagePullSecrets = []corev1.LocalObjectReference{
+			{Name: scope.ImagePullSecret},
+		}
+	}
+
 	return &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
@@ -34,41 +76,7 @@ func NewDeployment(name string, namespace string, scope captainv1.PipelineSpec)
 				ObjectMeta: metav1.ObjectMeta{
 					Labels: labels,
 				},
-				Spec: corev1.PodSpec{
-					Containers: []corev1.Container{{
-						Image:           image,
-						ImagePullPolicy: corev1.PullAlways,
-						Name:            "benthos",
-						Ports: []corev1.ContainerPort{{
-							ContainerPort: 4195,
-							Name:          "http",
-						}},
-						Args: []string{
-							"-c",
-							"/config/benthos.yaml",
-						},
-						VolumeMounts: []corev1.VolumeMount{
-							{
-								Name:      "config",
-								MountPath: "/config",
-								ReadOnly:  true,
-							},
-						},
-						Env: scope.Env,
-					}},
-					Volumes: []corev1.Volume{
-						{
-							Name: "config",
-							VolumeSource: corev1.VolumeSource{
-								ConfigMap: &corev1.ConfigMapVolumeSource{
-									LocalObjectReference: corev1.LocalObjectReference{
-										Name: "benthos-" + name,
-									},
-								},
-							},
-						},
-					},
-				},
+				Spec: podSpec,
 			},
 		},
 	}