Support updates to image pull secret references #5336

Description

@weyfonk

This is different to #5325, which deals with updates to the secrets themselves, when configuration (whether global.cattle.imagePullSecrets or a Cluster's agentPullSecrets) remains the same.

When the configuration itself is updated, Fleet needs to react accordingly.

Acceptance criteria:

  • When global.cattle.imagePullSecrets is updated:
    • no longer referenced secrets need to be deleted from downstream clusters where they had been previously propagated
    • newly referenced secrets must be propagated to downstream clusters. For each downstream cluster, that must happen if and only if the Cluster-level agentPullSecrets field has a nil value (an empty value would mean that no image pull secrets should be used for that cluster). See "Enable agent image pull secrets propagation to be disabled" (#5254) for more context.
  • When a Cluster object's agentPullSecrets is updated:
    • if the change is nil → no longer nil, then secrets which may have already been propagated from global.cattle.imagePullSecrets must be deleted from the corresponding downstream cluster
    • for a non-nil → nil change, any secrets configured in global.cattle.imagePullSecrets must now be propagated to that downstream cluster.

Note (from this comment):

Setting owner references for [agent image pull secrets] from the controller may be challenging, as they will be created at the same time as the agent deployment itself. However, we could also consider having the agent check its own deployment's image pull secrets and adopting them, which could be cleaner and less error-prone than eagerly deleting secrets in the agent deployment namespace which would not be referenced as the agent deployment's own image pull secrets.
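
The acceptance criteria above, worked through as an added example (not Fleet's code and not part of the original issue): a per-cluster plan of which global secrets to propagate and which to delete when either setting changes. It assumes agentPullSecrets can be modelled as a string slice where nil and empty are distinct; the function names and secret names are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
)

// inherited returns the global pull secrets one downstream cluster should hold.
// agentPullSecrets is modelled as a string slice (assumption): nil means
// "inherit the global list"; an empty, non-nil slice means "use none".
func inherited(global, agentPullSecrets []string) map[string]bool {
	want := map[string]bool{}
	if agentPullSecrets != nil { // a len()==0 check would conflate nil and empty
		return want
	}
	for _, name := range global {
		want[name] = true
	}
	return want
}

// plan compares the configuration before and after an update and returns the
// global secrets to propagate to, and to delete from, that downstream cluster.
func plan(oldGlobal, oldCluster, newGlobal, newCluster []string) (propagate, remove []string) {
	before := inherited(oldGlobal, oldCluster)
	after := inherited(newGlobal, newCluster)
	for name := range after {
		if !before[name] {
			propagate = append(propagate, name)
		}
	}
	for name := range before {
		if !after[name] {
			remove = append(remove, name)
		}
	}
	sort.Strings(propagate)
	sort.Strings(remove)
	return propagate, remove
}

func main() {
	global := []string{"regcred-a", "regcred-b"} // constructed sample names
	p, r := plan(global, nil, []string{"regcred-b", "regcred-c"}, nil)
	fmt.Println("global list changed:", p, r)
	p, r = plan(global, nil, global, []string{})
	fmt.Println("nil -> empty:", p, r)
	p, r = plan(global, []string{"own-secret"}, global, nil)
	fmt.Println("non-nil -> nil:", p, r)
}
```

The plan covers only secrets that originate from global.cattle.imagePullSecrets; secrets named in a Cluster's own agentPullSecrets are outside what the criteria above specify.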
