support custom imagePullSecrets in CSI ServiceAccounts

sample usage:
CSI_IMAGE_PULL_SECRETS="secret-1" make build-installer
helm template csi deploy/charts/ceph-csi-drivers --set 'csiImagePullSecrets={secret-1}'

Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>

Author: leelavg

Makefile

@@ -9,6 +9,8 @@ NAME_PREFIX ?= ceph-csi-operator-
 NAMESPACE ?= $(NAME_PREFIX)system
 # A comma separated list of namespaces for operator to cache objects from
 WATCH_NAMESPACE ?= ""
+# A comma separated list of imagepullsecret names that will be added to all CSI deployments and daemonsets
+CSI_IMAGE_PULL_SECRETS ?=
 
 IMG ?= $(IMAGE_REGISTRY)/$(REGISTRY_NAMESPACE)/$(IMAGE_NAME):$(IMAGE_TAG)
 
@@ -35,6 +37,8 @@ SHELL = /usr/bin/env bash -o pipefail
 
 # Define the content of the temporary top-most kustomize overlay for the
 # build-installer, build-multifile-installer and deploy targets
+# Awk statement converts comma-separated secrets to JSON array of objects
+# ie, "secret-1,secret-2" -> [{"name": "secret-1", "name": "secret-2"}]
 define BUILD_INSTALLER_OVERLAY
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
@@ -55,6 +59,14 @@ patches:
   target:
     kind: Deployment
     name: controller-manager
+$(if $(CSI_IMAGE_PULL_SECRETS),
+- patch: |-
+    - op: add
+      path: /imagePullSecrets
+      value: [$(shell echo -n "$(CSI_IMAGE_PULL_SECRETS)" | awk -F',' '{for(i=1;i<=NF;i++) printf "%s{\"name\": \"%s\"}", (i>1?", ":""), $$i}')]
+  target:
+    kind: ServiceAccount
+)
 images:
 - name: controller
   newName: ${IMG}
@@ -71,6 +83,15 @@ namespace: $(NAMESPACE)
 namePrefix: $(NAME_PREFIX)
 resources:
 - ../config/csi-rbac
+$(if $(CSI_IMAGE_PULL_SECRETS),
+patches:
+- patch: |-
+    - op: add
+      path: /imagePullSecrets
+      value: [$(shell echo -n "$(CSI_IMAGE_PULL_SECRETS)" | awk -F',' '{for(i=1;i<=NF;i++) printf "%s{\"name\": \"%s\"}", (i>1?", ":""), $$i}')]
+  target:
+    kind: ServiceAccount
+)
 endef
 export BUILD_CSI_RBAC_OVERLAY
 

deploy/charts/ceph-csi-drivers/templates/serviceaccount.yaml

@@ -8,11 +8,23 @@ kind: ServiceAccount
 metadata:
   name: {{ $normalizedDriverName }}-ctrlplugin-sa
   namespace: {{ $root.Release.Namespace }}
+{{- if gt (len $root.Values.csiImagePullSecrets) 0 }}
+imagePullSecrets:
+  {{ range $pullSecret := $root.Values.csiImagePullSecrets -}}
+  - name: {{ $pullSecret }}
+  {{- end }}
+{{- end }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ $normalizedDriverName }}-nodeplugin-sa
   namespace: {{ $root.Release.Namespace }}
+{{- if gt (len $root.Values.csiImagePullSecrets) 0 }}
+imagePullSecrets:
+  {{- range $pullSecret := $root.Values.csiImagePullSecrets -}}
+  - name: {{ $pullSecret }}
+  {{- end }}
+{{- end }}
 {{- end }}
 {{- end }}

deploy/charts/ceph-csi-drivers/values.yaml

@@ -474,3 +474,6 @@ drivers:
 
       # List of tolerations for the controller plugin
       tolerations: []
+
+# List of pull secret names that will be added to all csi serviceaccounts
+csiImagePullSecrets: []

docs/helm-charts/drivers-chart.md

@@ -56,6 +56,7 @@ The following table lists the configurable parameters of the ceph-csi-drivers ch
 | `clientProfiles[0].cephFs.subVolumeGroup` |  | `""` |
 | `clientProfiles[0].name` |  | `""` |
 | `clientProfiles[0].rbd.radosNamespace` |  | `""` |
+| `csiImagePullSecrets` |  | `[]` |
 | `drivers.cephfs.attachRequired` |  | `true` |
 | `drivers.cephfs.cephFsClientType` |  | `"kernel"` |
 | `drivers.cephfs.clusterName` |  | `""` |