Generate image pull secret at bootstrap

Add an optional flag called `--registry-creds` to the bootstrap
command for generating an image pull secret for container images
stored in private registries.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

pkg/bootstrap/bootstrap.go

@@ -173,6 +173,26 @@ func reconcileSecret(ctx context.Context, kube client.Client, secret corev1.Secr
 	return kube.Update(ctx, &existing)
 }
 
+func reconcileImagePullSecret(ctx context.Context, kube client.Client, installOpts install.Options) error {
+	credentials := strings.SplitN(installOpts.RegistryCredential, ":", 2)
+	dcj, err := sourcesecret.GenerateDockerConfigJson(installOpts.Registry, credentials[0], credentials[1])
+	if err != nil {
+		return fmt.Errorf("failed to generate docker config json: %w", err)
+	}
+
+	secret := corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: installOpts.Namespace,
+			Name:      installOpts.ImagePullSecret,
+		},
+		StringData: map[string]string{
+			corev1.DockerConfigJsonKey: string(dcj),
+		},
+		Type: corev1.SecretTypeDockerConfigJson,
+	}
+	return reconcileSecret(ctx, kube, secret)
+}
+
 func kustomizationPathDiffers(ctx context.Context, kube client.Client, objKey client.ObjectKey, path string) (string, error) {
 	var k kustomizev1.Kustomization
 	if err := kube.Get(ctx, objKey, &k); err != nil {

pkg/bootstrap/bootstrap_plain_git.go

@@ -207,6 +207,14 @@ func (b *PlainGitBootstrapper) ReconcileComponents(ctx context.Context, manifest
 		b.logger.Successf("installed components")
 	}
 
+	// Reconcile image pull secret if needed
+	if options.ImagePullSecret != "" && options.RegistryCredential != "" {
+		if err := reconcileImagePullSecret(ctx, b.kube, options); err != nil {
+			return fmt.Errorf("failed to reconcile image pull secret: %w", err)
+		}
+		b.logger.Successf("reconciled image pull secret %s", options.ImagePullSecret)
+	}
+
 	b.logger.Successf("reconciled components")
 	return nil
 }