Merge pull request #395 from oracle/issue_393

Issue 393

Author: rjeberhard

kubernetes/internal/create-weblogic-domain.sh

@@ -560,6 +560,7 @@ function createYamlFiles {
   sed -i -e "s:%DOMAIN_NAME%:${domainName}:g" ${dcrOutput}
   sed -i -e "s:%ADMIN_SERVER_NAME%:${adminServerName}:g" ${dcrOutput}
   sed -i -e "s:%WEBLOGIC_IMAGE%:${weblogicImage}:g" ${dcrOutput}
+  sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_NAME%:${weblogicImagePullSecretName}:g" ${dcrOutput}
   sed -i -e "s:%ADMIN_PORT%:${adminPort}:g" ${dcrOutput}
   sed -i -e "s:%INITIAL_MANAGED_SERVER_REPLICAS%:${initialManagedServerReplicas}:g" ${dcrOutput}
   sed -i -e "s:%EXPOSE_T3_CHANNEL_PREFIX%:${exposeAdminT3ChannelPrefix}:g" ${dcrOutput}

kubernetes/internal/domain-custom-resource-template.yaml

@@ -24,6 +24,9 @@ spec:
   image: "%WEBLOGIC_IMAGE%"
   # imagePullPolicy defaults to "Always" if image version is :latest
   imagePullPolicy: "IfNotPresent"
+  # Identify which Secret contains the credentials for pulling an image
+  imagePullSecret:
+    name: %WEBLOGIC_IMAGE_PULL_SECRET_NAME%
   # Identify which Secret contains the WebLogic Admin credentials (note that there is an example of
   # how to create that Secret at the end of this file)
   adminSecret: 

kubernetes/src/test/java/oracle/kubernetes/operator/create/CreateDomainGeneratedFilesBaseTest.java

@@ -434,6 +434,7 @@ protected Domain getExpectedDomain() {
                 .withDomainName(getInputs().getDomainName())
                 .withImage("store/oracle/weblogic:12.2.1.3")
                 .withImagePullPolicy("IfNotPresent")
+                .withImagePullSecretName(getInputs().getWeblogicImagePullSecretName())
                 .withAdminSecret(
                     newSecretReference().name(getInputs().getWeblogicCredentialsSecretName()))
                 .withAsName(getInputs().getAdminServerName())

model/src/main/java/oracle/kubernetes/weblogic/domain/v1/DomainSpec.java

@@ -4,8 +4,10 @@
 
 package oracle.kubernetes.weblogic.domain.v1;
 
+import com.google.common.base.Strings;
 import com.google.gson.annotations.Expose;
 import com.google.gson.annotations.SerializedName;
+import io.kubernetes.client.models.V1LocalObjectReference;
 import io.kubernetes.client.models.V1SecretReference;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -59,6 +61,16 @@ public class DomainSpec {
   @Deprecated
   private String imagePullPolicy;
 
+  /**
+   * Reference to the secret used to authenticate a request for an image pull.
+   *
+   * <p>More info:
+   * https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
+   */
+  @SerializedName("imagePullSecret")
+  @Expose
+  private V1LocalObjectReference imagePullSecret;
+
   /**
    * Reference to secret containing domain administrator username and password. Secret must contain
    * keys names 'username' and 'password' (Required)
@@ -366,6 +378,41 @@ public DomainSpec withImagePullPolicy(String imagePullPolicy) {
     return this;
   }
 
+  /**
+   * Returns the reference to the secret used to authenticate a request for an image pull.
+   *
+   * <p>More info:
+   * https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
+   */
+  public V1LocalObjectReference getImagePullSecret() {
+    return hasImagePullSecret() ? imagePullSecret : null;
+  }
+
+  private boolean hasImagePullSecret() {
+    return imagePullSecret != null && !Strings.isNullOrEmpty(imagePullSecret.getName());
+  }
+
+  /**
+   * Reference to the secret used to authenticate a request for an image pull.
+   *
+   * <p>More info:
+   * https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
+   */
+  public void setImagePullSecret(V1LocalObjectReference imagePullSecret) {
+    this.imagePullSecret = imagePullSecret;
+  }
+
+  /**
+   * The name of the secret used to authenticate a request for an image pull.
+   *
+   * <p>More info:
+   * https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
+   */
+  public DomainSpec withImagePullSecretName(String imagePullSecretName) {
+    this.imagePullSecret = new V1LocalObjectReference().name(imagePullSecretName);
+    return this;
+  }
+
   /**
    * Reference to secret containing domain administrator username and password. Secret must contain
    * keys names 'username' and 'password' (Required)

operator/src/main/java/oracle/kubernetes/operator/helpers/PodStepContext.java

@@ -15,6 +15,7 @@
 import io.kubernetes.client.models.V1ExecAction;
 import io.kubernetes.client.models.V1Handler;
 import io.kubernetes.client.models.V1Lifecycle;
+import io.kubernetes.client.models.V1LocalObjectReference;
 import io.kubernetes.client.models.V1ObjectMeta;
 import io.kubernetes.client.models.V1PersistentVolume;
 import io.kubernetes.client.models.V1PersistentVolumeClaim;
@@ -609,6 +610,10 @@ protected V1PodSpec createSpec(TuningParameters tuningParameters) {
                             .name(KubernetesConstants.DOMAIN_CONFIG_MAP_NAME)
                             .defaultMode(ALL_READ_AND_EXECUTE)));
 
+    V1LocalObjectReference imagePullSecret = info.getDomain().getSpec().getImagePullSecret();
+    if (imagePullSecret != null) {
+      podSpec.addImagePullSecretsItem(imagePullSecret);
+    }
     if (!getClaims().isEmpty()) {
       podSpec.addVolumesItem(
           new V1Volume()

operator/src/test/java/oracle/kubernetes/operator/helpers/PodHelperTestBase.java

@@ -35,6 +35,7 @@
 import io.kubernetes.client.models.V1ExecAction;
 import io.kubernetes.client.models.V1Handler;
 import io.kubernetes.client.models.V1Lifecycle;
+import io.kubernetes.client.models.V1LocalObjectReference;
 import io.kubernetes.client.models.V1ObjectMeta;
 import io.kubernetes.client.models.V1PersistentVolume;
 import io.kubernetes.client.models.V1PersistentVolumeClaim;
@@ -233,6 +234,19 @@ public void whenPodCreatedWithVersionedImage_useIfNotPresentPolicy() {
     assertThat(v1Container.getImagePullPolicy(), equalTo(IFNOTPRESENT_IMAGEPULLPOLICY));
   }
 
+  @Test
+  public void whenPodCreatedWithoutPullSecret_doNotAddToPod() {
+    assertThat(getCreatedPod().getSpec().getImagePullSecrets(), nullValue());
+  }
+
+  @Test
+  public void whenPodCreatedWithPullSecret_addToPod() {
+    V1LocalObjectReference imagePullSecret = new V1LocalObjectReference().name("secret");
+    domainPresenceInfo.getDomain().getSpec().setImagePullSecret(imagePullSecret);
+
+    assertThat(getCreatedPod().getSpec().getImagePullSecrets(), hasItem(imagePullSecret));
+  }
+
   @Test
   public void whenPodCreated_containerHasExpectedVolumeMounts() {
     assertThat(