Flexible image pull secret reference (#3016)

Co-authored-by: pat-s <patrick.schratz@gmail.com>

pipeline/backend/kubernetes/pod.go

@@ -36,7 +36,7 @@ const (
 
 func mkPod(namespace, name, image, workDir, goos, serviceAccountName string,
 	pool, privileged bool,
-	commands, vols []string,
+	commands, vols, pullSecretNames []string,
 	labels, annotations, env, nodeSelector map[string]string,
 	extraHosts []types.HostAlias, tolerations []types.Toleration, resources types.Resources,
 	securityContext *types.SecurityContext, securityContextConfig SecurityContextConfig,
@@ -45,7 +45,8 @@ func mkPod(namespace, name, image, workDir, goos, serviceAccountName string,
 
 	meta := podMeta(name, namespace, labels, annotations)
 
-	spec, err := podSpec(serviceAccountName, vols, env, nodeSelector, extraHosts, tolerations, securityContext, securityContextConfig)
+	spec, err := podSpec(serviceAccountName, vols, pullSecretNames, env, nodeSelector, extraHosts, tolerations,
+		securityContext, securityContextConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -85,7 +86,7 @@ func podMeta(name, namespace string, labels, annotations map[string]string) meta
 	return meta
 }
 
-func podSpec(serviceAccountName string, vols []string, env, backendNodeSelector map[string]string,
+func podSpec(serviceAccountName string, vols, pullSecretNames []string, env, backendNodeSelector map[string]string,
 	extraHosts []types.HostAlias, backendTolerations []types.Toleration,
 	securityContext *types.SecurityContext, securityContextConfig SecurityContextConfig,
 ) (v1.PodSpec, error) {
@@ -93,7 +94,7 @@ func podSpec(serviceAccountName string, vols []string, env, backendNodeSelector
 	spec := v1.PodSpec{
 		RestartPolicy:      v1.RestartPolicyNever,
 		ServiceAccountName: serviceAccountName,
-		ImagePullSecrets:   []v1.LocalObjectReference{{Name: "regcred"}},
+		ImagePullSecrets:   imagePullSecretsReferences(pullSecretNames),
 	}
 
 	spec.HostAliases = hostAliases(extraHosts)
@@ -211,6 +212,22 @@ func hostAlias(extraHost types.HostAlias) v1.HostAlias {
 	}
 }
 
+func imagePullSecretsReferences(imagePullSecretNames []string) []v1.LocalObjectReference {
+	log.Trace().Msgf("Using the image pull secrets: %v", imagePullSecretNames)
+
+	secretReferences := make([]v1.LocalObjectReference, len(imagePullSecretNames))
+	for i, imagePullSecretName := range imagePullSecretNames {
+		secretReferences[i] = imagePullSecretsReference(imagePullSecretName)
+	}
+	return secretReferences
+}
+
+func imagePullSecretsReference(imagePullSecretName string) v1.LocalObjectReference {
+	return v1.LocalObjectReference{
+		Name: imagePullSecretName,
+	}
+}
+
 func resourceRequirements(resources types.Resources) (v1.ResourceRequirements, error) {
 	var err error
 	requirements := v1.ResourceRequirements{}
@@ -357,7 +374,7 @@ func startPod(ctx context.Context, engine *kube, step *types.Step) (*v1.Pod, err
 
 	pod, err := mkPod(engine.config.Namespace, podName, step.Image, step.WorkingDir, engine.goos, step.BackendOptions.Kubernetes.ServiceAccountName,
 		step.Pull, step.Privileged,
-		step.Commands, step.Volumes,
+		step.Commands, step.Volumes, engine.config.ImagePullSecretNames,
 		engine.config.PodLabels, engine.config.PodAnnotations, step.Environment, step.BackendOptions.Kubernetes.NodeSelector,
 		step.ExtraHosts, step.BackendOptions.Kubernetes.Tolerations, step.BackendOptions.Kubernetes.Resources, step.BackendOptions.Kubernetes.SecurityContext, engine.config.SecurityContext)
 	if err != nil {