Allow for setting imagePullSecrets

[NikeNano]

Changes

NOTE: I am not assigned to the issue, but fixed it since I saw that it was stale for some time and thought it would be fun to try to fix it.

This PR updates the PodTemplate with ImagePullSecret to allow for setting image pull secrets. This PR aims to fix issue #1779.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Includes tests (if functionality changed/added)
• Includes docs (if user facing)
• Commit messages follow commit message best practices

See the contribution guide for more details.

Double check this list of stuff that's easy to miss:

• If you are adding a new binary/image to the cmd dir, please update
  the release Task to build and release this image.

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

Release Notes

Allow to specify ImagePullSecrets in the PodTemplate.

[tekton-robot]

Hi @NikeNano. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[NikeNano]

I have some issues with git and cant squash the commit, will fix it and squash according to the best practice.

[afrittoli]

Thank you for this. I think it's a handy feature to have.
@imjasonh @skaegi
/approve

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: afrittoli

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [afrittoli]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[afrittoli]

/ok-to-test

[dibyom]

The feature seems fine to me. Wondering if there are any implications for setting the imagePullSecret here vs the service account as mentioned in https://github.com/tektoncd/pipeline/blob/master/docs/container-contract.md#entrypoint

Perhaps @imjasonh knows ?

[afrittoli]

The feature seems fine to me. Wondering if there are any implications for setting the imagePullSecret here vs the service account as mentioned in https://github.com/tektoncd/pipeline/blob/master/docs/container-contract.md#entrypoint

Perhaps @imjasonh knows ?

Good point

[NikeNano]

friendly ping @imjasonh :)

[vdemeester]

/kind feature

[imjasonh]

AIUI this will make image pull secrets available, alongside any secrets available to the specified SA. So this shouldn't break any existing users, and should give more options to power users.

[NikeNano]

@dibyom is there anything more I can do, except fixing the merge conflict? I have not squashed the commits since there is a merge in the middle and where not able to fix it :(.

[vdemeester]

@NikeNano you may need to get the changes and re-apply them on a clean state, something like the following could work

# Making sure we are on the branch :)
git checkout image_pull_request
# Merge and fix conflict
git merge origin/master
# … fix conflict
git merge --continue
# generate a diff
git diff origin/master..HEAD > mypr.diff
# backup the branch
git checkout -b backupbranch
# force-reset this PR branch
git checkout origin/master -B image_pull_secret
# apply the diff
git apply mypr.diff
# commit
git commit -s 
# force push
git push --force-with-lease origin image_pull_secret
# clean mypr.diff
rm mypr.diff

This should be roughly the equivalent of stashing the changes into one commit.

In the future, when working on OSS project, it tends to be better to use git rebase to update the branches which are used in a pull-request 😉

/hold

[NikeNano]

@NikeNano you may need to get the changes and re-apply them on a clean state, something like the following could work

# Making sure we are on the branch :)
git checkout image_pull_request
# Merge and fix conflict
git merge origin/master
# … fix conflict
git merge --continue
# generate a diff
git diff origin/master..HEAD > mypr.diff
# backup the branch
git checkout -b backupbranch
# force-reset this PR branch
git checkout origin/master -B image_pull_secret
# apply the diff
git apply mypr.diff
# commit
git commit -s 
# force push
git push --force-with-lease origin image_pull_secret
# clean mypr.diff
rm mypr.diff

This should be roughly the equivalent of stashing the changes into one commit.

In the future, when working on OSS project, it tends to be better to use git rebase to update the branche which are used in a pull-request 😉

/hold

Thanks @vdemeester will fix this tomorrow!

[NikeNano]

@vdemeester I have squashed the commit messages.

[afrittoli]

Something went wrong in the merge of the docs.
Once this is fixed we can lift the hold and get this merged :)

[NikeNano]

@afrittoli should be fixed now!

[NikeNano]

Is there something I can fix @afrittoli :)

[NikeNano]

any updates @afrittoli @vdemeester :)

[afrittoli]

/lgtm

[vdemeester]

/test pull-tekton-pipeline-integration-tests