adding keel.sh/imagePullSecret label/annotation to specify secrets

provider/kubernetes/kubernetes.go

@@ -9,7 +9,7 @@ import (
 	"github.com/Masterminds/semver"
 	"github.com/rusenask/cron"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 
 	"github.com/prometheus/client_golang/prometheus"
 
@@ -126,6 +126,25 @@ func (p *Provider) Stop() {
 	close(p.stop)
 }
 
+func getImagePullSecretFromMeta(labels map[string]string, annotations map[string]string) string {
+
+	searchKey := strings.ToLower(types.KeelImagePullSecretAnnotation)
+
+	for k, v := range labels {
+		if strings.ToLower(k) == searchKey {
+			return v
+		}
+	}
+
+	for k, v := range annotations {
+		if strings.ToLower(k) == searchKey {
+			return v
+		}
+	}
+
+	return ""
+}
+
 // TrackedImages returns a list of tracked images.
 func (p *Provider) TrackedImages() ([]*types.TrackedImage, error) {
 	var trackedImages []*types.TrackedImage
@@ -158,7 +177,15 @@ func (p *Provider) TrackedImages() ([]*types.TrackedImage, error) {
 
 		// trigger type, we only care for "poll" type triggers
 		trigger := policies.GetTriggerPolicy(labels, annotations)
-		secrets := gr.GetImagePullSecrets()
+
+		// getting image pull secrets
+		var secrets []string
+		specifiedSecret := getImagePullSecretFromMeta(labels, annotations)
+		if specifiedSecret != "" {
+			secrets = append(secrets, specifiedSecret)
+		}
+		secrets = append(secrets, gr.GetImagePullSecrets()...)
+
 		images := gr.GetImages()
 		for _, img := range images {
 			ref, err := image.Parse(img)

provider/kubernetes/kubernetes_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/keel-hq/keel/types"
 
 	apps_v1 "k8s.io/api/apps/v1"
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	core_v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 )
@@ -1319,3 +1319,71 @@ func TestTrackedImages(t *testing.T) {
 		t.Errorf("could not find image pull secret")
 	}
 }
+
+func TestTrackedImagesWithSecrets(t *testing.T) {
+	fp := &fakeImplementer{}
+	fp.namespaces = &v1.NamespaceList{
+		Items: []v1.Namespace{
+			v1.Namespace{
+				meta_v1.TypeMeta{},
+				meta_v1.ObjectMeta{Name: "xxxx"},
+				v1.NamespaceSpec{},
+				v1.NamespaceStatus{},
+			},
+		},
+	}
+	deps := []*apps_v1.Deployment{
+		{
+			meta_v1.TypeMeta{},
+			meta_v1.ObjectMeta{
+				Name:      "dep-1",
+				Namespace: "xxxx",
+				Labels: map[string]string{
+					types.KeelPolicyLabel:               "all",
+					types.KeelImagePullSecretAnnotation: "foo-bar",
+				},
+			},
+			apps_v1.DeploymentSpec{
+				Template: v1.PodTemplateSpec{
+					Spec: v1.PodSpec{
+						Containers: []v1.Container{
+							v1.Container{
+								Image: "gcr.io/v2-namespace/hello-world:1.1",
+							},
+						},
+						ImagePullSecrets: []v1.LocalObjectReference{
+							v1.LocalObjectReference{
+								Name: "very-secret",
+							},
+						},
+					},
+				},
+			},
+			apps_v1.DeploymentStatus{},
+		},
+	}
+
+	grs := MustParseGRS(deps)
+	grc := &k8s.GenericResourceCache{}
+	grc.Add(grs...)
+
+	provider, err := NewProvider(fp, &fakeSender{}, approver(), grc)
+	if err != nil {
+		t.Fatalf("failed to get provider: %s", err)
+	}
+
+	imgs, err := provider.TrackedImages()
+	if err != nil {
+		t.Errorf("failed to get image: %s", err)
+	}
+	if len(imgs) != 1 {
+		t.Errorf("expected to find 1 image, got: %d", len(imgs))
+	}
+
+	if imgs[0].Secrets[0] != "foo-bar" {
+		t.Errorf("expected foo-bar, got: %s", imgs[0].Secrets[0])
+	}
+	if imgs[0].Secrets[1] != "very-secret" {
+		t.Errorf("expected very-secret, got: %s", imgs[0].Secrets[1])
+	}
+}

types/types.go

@@ -19,6 +19,8 @@ const KeelDefaultPort = 9300
 // KeelPolicyLabel - keel update policies (version checking)
 const KeelPolicyLabel = "keel.sh/policy"
 
+const KeelImagePullSecretAnnotation = "keel.sh/imagePullSecret"
+
 // KeelTriggerLabel - trigger label is used to specify custom trigger types
 // for example keel.sh/trigger=poll would signal poll trigger to start watching for repository
 // changes