feat: adding auth secret for terraform controller and terraform job to pull priate images

Author: Duc Thang Tran

chart/templates/terraform_controller.yaml

@@ -20,6 +20,10 @@ spec:
         - name: terraform-controller
           image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.authSecretName }}
+          imagePullSecrets:
+          - name: {{ .Values.authSecretName }}
+          {{- end }}
           args:
             {{- if .Values.controllerNamespace }}
             - --controller-namespace={{ .Values.controllerNamespace }}
@@ -38,6 +42,10 @@ spec:
               value: {{ .Values.busyboxImage}}
             - name: GIT_IMAGE
               value: {{ .Values.gitImage}}
+            {{- if .Values.jobAuthSecret }}
+            - name: JOB_AUTH_SECRET
+              value: {{ .Values.jobAuthSecret }}
+            {{- end }}
             - name: GITHUB_BLOCKED
               value: {{ .Values.githubBlocked }}
             {{ if .Values.jobBackoffLimit }}

chart/values.yaml

@@ -10,6 +10,9 @@ busyboxImage: busybox:latest
 terraformImage: oamdev/docker-terraform:1.1.5
 controllerNamespace: ""
 
+authSecretName: ""
+jobAuthSecret: ""
+
 # "{\"nat\": \"true\"}"
 jobNodeSelector: ""
 jobBackoffLimit: ""

controllers/configuration_controller.go

@@ -373,6 +373,8 @@ func (r *ConfigurationReconciler) preCheck(ctx context.Context, configuration *v
 		}
 	}
 
+	meta.JobAuthSecret = os.Getenv("JOB_AUTH_SECRET")
+
 	if err := r.preCheckResourcesSetting(meta); err != nil {
 		return err
 	}

controllers/process/meta.go

@@ -57,6 +57,9 @@ type TFConfigurationMeta struct {
 	BusyboxImage   string
 	GitImage       string
 
+	// JobAuthSecret is the secret name for pulling image in the Terraform job
+	JobAuthSecret string
+
 	// BackoffLimit specifies the number of retries to mark the Job as failed
 	BackoffLimit int32
 

controllers/process/process.go

@@ -328,6 +328,7 @@ func (meta *TFConfigurationMeta) assembleTerraformJob(executionType types.Terraf
 					Volumes:            executorVolumes,
 					RestartPolicy:      v1.RestartPolicyOnFailure,
 					NodeSelector:       meta.JobNodeSelector,
+					ImagePullSecrets:   []v1.LocalObjectReference{{Name: meta.JobAuthSecret}},
 				},
 			},
 		},