add image pull secret

charts/k8up/Chart.yaml

@@ -6,7 +6,7 @@ keywords:
   - backup
   - operator
   - restic
-version: 4.4.3
+version: 4.4.4
 sources:
   - https://github.com/k8up-io/k8up
 maintainers:

charts/k8up/README.md

@@ -1,6 +1,6 @@
 # k8up
 
-![Version: 4.4.3](https://img.shields.io/badge/Version-4.4.3-informational?style=flat-square)
+![Version: 4.4.4](https://img.shields.io/badge/Version-4.4.4-informational?style=flat-square)
 
 Kubernetes and OpenShift Backup Operator based on restic
 
@@ -13,7 +13,7 @@ helm repo add k8up-io https://k8up-io.github.io/k8up
 helm install k8up k8up-io/k8up
 ```
 ```bash
-kubectl apply -f https://github.com/k8up-io/k8up/releases/download/k8up-4.4.3/k8up-crd.yaml
+kubectl apply -f https://github.com/k8up-io/k8up/releases/download/k8up-4.4.4/k8up-crd.yaml
 ```
 
 <!---
@@ -53,7 +53,7 @@ Document your changes in values.yaml and let `make docs:helm` generate this sect
 | k8up.backupImage.repository | string | `""` | The backup runner image repository. Defaults to `{image.registry}/{image.repository}`. Specify an image repository including registry, e.g. `example.com/repo/image` |
 | k8up.backupImage.tag | string | `""` | The backup runner image tag Defaults to `{image.tag}` |
 | k8up.enableLeaderElection | bool | `true` | Specifies whether leader election should be enabled. |
-| k8up.envVars | list | `[]` | envVars allows the specification of additional environment variables. See [values.yaml](values.yaml) how to specify See documentation which variables are supported. |
+| k8up.envVars | list | `[]` | envVars allows the specification of additional environment variables. See [values.yaml](values.yaml) how to specify See documentation which variables are supported. List of names of imagePullSecrets for backupImage Example: imagePullSecrets: "one_secret, two_secret" |
 | k8up.globalResources | object | empty values | Specify the resource requests and limits that the Pods should have when they are scheduled by K8up. You are still able to override those via K8up resources, but this gives cluster administrators custom defaults. |
 | k8up.globalResources.limits.cpu | string | `""` | Global CPU resource limit applied to jobs. See [supported units][resource-units]. |
 | k8up.globalResources.limits.memory | string | `""` | Global Memory resource limit applied to jobs. See [supported units][resource-units]. |

charts/k8up/templates/deployment.yaml

@@ -32,6 +32,10 @@ spec:
           env:
             - name: BACKUP_IMAGE
               value: "{{ include "k8up.backupImage" . }}"
+          {{- with .Values.k8up.imagePullSecrets }}
+            - name: IMAGE_SECRETS
+              value: "{{ . }}"
+          {{- end }}
           {{- with .Values.k8up.timezone }}
             - name: TZ
               value: {{ . }}

charts/k8up/values.yaml

@@ -26,6 +26,10 @@ k8up:
   # -- envVars allows the specification of additional environment variables.
   # See [values.yaml](values.yaml) how to specify
   # See documentation which variables are supported.
+
+  # List of names of imagePullSecrets for backupImage
+  # Example:
+  # imagePullSecrets: "one_secret, two_secret"
   envVars: []
   # - name: BACKUP_GLOBALACCESSKEYID
   #   valueFrom:

cmd/operator/main.go

@@ -25,6 +25,7 @@ const (
 	leaderElectionID = "d2ab61da.syn.tools"
 	argCommandRestic = "command-restic"
 	argResticOptions = "restic-options"
+	listImageSecrets = "ImageSecretPulls"
 )
 
 var (
@@ -64,6 +65,7 @@ var (
 			&cli.StringFlag{Destination: &cfg.Config.GlobalMemoryResourceLimit, Name: "global-memory-limit", EnvVars: []string{"BACKUP_GLOBAL_MEMORY_LIMIT"}, Usage: "set the memory limit for scheduled jobs"},
 
 			&cli.StringFlag{Destination: &cfg.Config.BackupImage, Name: "image", EnvVars: []string{"BACKUP_IMAGE"}, Value: "ghcr.io/k8up-io/k8up:latest", Usage: "URL of the restic image"},
+			&cli.StringSliceFlag{Name: listImageSecrets, EnvVars: []string{"IMAGE_SECRETS"}, Usage: "Secrets for access to  $BACKUP_IMAGE"},
 			&cli.StringSliceFlag{Name: argCommandRestic, EnvVars: []string{"BACKUP_COMMAND_RESTIC"}, Value: cli.NewStringSlice("/usr/local/bin/k8up", "restic"), Usage: "The command that is executed for restic backups."},
 			&cli.StringSliceFlag{Name: argResticOptions, EnvVars: []string{"BACKUP_RESTIC_OPTIONS"}, Usage: "Pass custom restic options in the form 'key=value,key2=value2'. See https://restic.readthedocs.io/en/stable/manual_rest.html?highlight=--option#usage-help"},
 			&cli.StringFlag{Destination: &cfg.Config.MountPath, Name: "datapath", Aliases: []string{"mountpath"}, EnvVars: []string{"BACKUP_DATAPATH"}, Value: "/data", Usage: "to which path the PVCs should get mounted in the backup container"},
@@ -91,6 +93,7 @@ func operatorMain(c *cli.Context) error {
 
 	cfg.Config.BackupCommandRestic = c.StringSlice(argCommandRestic)
 	cfg.Config.ResticOptions = strings.Join(c.StringSlice(argResticOptions), ",")
+	cfg.Config.ImageSecrets = c.StringSlice(listImageSecrets)
 
 	err := validateQuantityFlags(c)
 	if err != nil {

operator/cfg/config.go

@@ -70,6 +70,7 @@ type Configuration struct {
 	GlobalMemoryResourceRequest      string
 	GlobalMemoryResourceLimit        string
 	BackupImage                      string
+	ImageSecrets                     []string
 	BackupCommandRestic              []string
 	MetricsBindAddress               string
 	PodExecRoleName                  string

operator/job/job.go

@@ -60,6 +60,14 @@ func MutateBatchJob(batchJob *batchv1.Job, jobObj k8upv1.JobObject, config Confi
 	batchJob.Spec.Template.Spec.RestartPolicy = corev1.RestartPolicyOnFailure
 	batchJob.Spec.Template.Spec.SecurityContext = jobObj.GetPodSecurityContext()
 
+	if len(cfg.Config.ImageSecrets) != 0 {
+		var imPulSecs []corev1.LocalObjectReference
+		for _, secret := range cfg.Config.ImageSecrets {
+			imPulSecs = append(imPulSecs, corev1.LocalObjectReference{Name: secret})
+		}
+		batchJob.Spec.Template.Spec.ImagePullSecrets = imPulSecs
+	}
+
 	containers := batchJob.Spec.Template.Spec.Containers
 	if len(containers) == 0 {
 		containers = make([]corev1.Container, 1)

restic/cfg/config.go

@@ -44,6 +44,7 @@ type Configuration struct {
 	ResticBin        string
 	ResticRepository string
 	ResticOptions    string
+	ImageSecrets     []string
 
 	RestoreDir         string
 	RestoreS3Endpoint  string