Add image pull secret arg to install/bootstrap

cmd/tk/bootstrap.go

@@ -45,9 +45,10 @@ var bootstrapCmd = &cobra.Command{
 }
 
 var (
-	bootstrapVersion    string
+	bootstrapVersion         string
-	bootstrapComponents []string
+	bootstrapComponents      []string
-	bootstrapRegistry   string
+	bootstrapRegistry        string
+	bootstrapImagePullSecret string
 )
 
 const (
@@ -64,6 +65,8 @@ func init() {
 		"list of components, accepts comma-separated values")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "docker.io/fluxcd",
 		"container registry where the toolkit images are published")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapImagePullSecret, "image-pull-secret", "",
+		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	rootCmd.AddCommand(bootstrapCmd)
 }
 
@@ -75,7 +78,7 @@ func generateInstallManifests(targetPath, namespace, tmpDir string) (string, err
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 
-	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, tkDir); err != nil {
+	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, bootstrapImagePullSecret, tkDir); err != nil {
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 

cmd/tk/install.go

@@ -54,12 +54,13 @@ If a previous version is installed, then an in-place upgrade will be performed.`
 }
 
 var (
-	installExport        bool
+	installExport          bool
-	installDryRun        bool
+	installDryRun          bool
-	installManifestsPath string
+	installManifestsPath   string
-	installVersion       string
+	installVersion         string
-	installComponents    []string
+	installComponents      []string
-	installRegistry      string
+	installRegistry        string
+	installImagePullSecret string
 )
 
 func init() {
@@ -75,6 +76,8 @@ func init() {
 		"path to the manifest directory, dev only")
 	installCmd.Flags().StringVar(&installRegistry, "registry", "docker.io/fluxcd",
 		"container registry where the toolkit images are published")
+	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
+		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	rootCmd.AddCommand(installCmd)
 }
 
@@ -100,7 +103,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Generatef("generating manifests")
 	}
 	if kustomizePath == "" {
-		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, tmpDir)
+		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, installImagePullSecret, tmpDir)
 		if err != nil {
 			return fmt.Errorf("install failed: %w", err)
 		}
@@ -252,6 +255,10 @@ spec:
       nodeSelector:
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+{{- if .ImagePullSecret }}
+      imagePullSecrets:
+       - name: {{.ImagePullSecret}}
+{{- end }}
 `
 
 func downloadManifests(version string, tmpDir string) error {
@@ -288,24 +295,26 @@ func downloadManifests(version string, tmpDir string) error {
 	return nil
 }
 
-func genInstallManifests(version string, namespace string, components []string, registry string, tmpDir string) error {
+func genInstallManifests(version string, namespace string, components []string, registry, imagePullSecret, tmpDir string) error {
 	eventsAddr := ""
 	if utils.containsItemString(components, defaultNotification) {
 		eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
 	}
 
 	model := struct {
-		Version    string
+		Version         string
-		Namespace  string
+		Namespace       string
-		Components []string
+		Components      []string
-		EventsAddr string
+		EventsAddr      string
-		Registry   string
+		Registry        string
+		ImagePullSecret string
 	}{
-		Version:    version,
+		Version:         version,
-		Namespace:  namespace,
+		Namespace:       namespace,
-		Components: components,
+		Components:      components,
-		EventsAddr: eventsAddr,
+		EventsAddr:      eventsAddr,
-		Registry:   registry,
+		Registry:        registry,
+		ImagePullSecret: imagePullSecret,
 	}
 
 	if err := downloadManifests(version, tmpDir); err != nil {

docs/cmd/tk_bootstrap.md

@@ -9,10 +9,11 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git
 ### Options
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-  -h, --help                 help for bootstrap
+  -h, --help                       help for bootstrap
-      --registry string      container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
-  -v, --version string       toolkit version (default "latest")
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### Options inherited from parent commands

docs/cmd/tk_bootstrap_github.md

@@ -54,13 +54,14 @@ tk bootstrap github [flags]
 ### Options inherited from parent commands
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --kubeconfig string    path to the kubeconfig file (default "~/.kube/config")
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
-      --namespace string     the namespace scope for this operation (default "gitops-system")
+      --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
-      --registry string      container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --namespace string           the namespace scope for this operation (default "gitops-system")
-      --timeout duration     timeout for this operation (default 5m0s)
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
-      --verbose              print generated objects
+      --timeout duration           timeout for this operation (default 5m0s)
-  -v, --version string       toolkit version (default "latest")
+      --verbose                    print generated objects
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### SEE ALSO

docs/cmd/tk_bootstrap_gitlab.md

@@ -50,13 +50,14 @@ tk bootstrap gitlab [flags]
 ### Options inherited from parent commands
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --kubeconfig string    path to the kubeconfig file (default "~/.kube/config")
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
-      --namespace string     the namespace scope for this operation (default "gitops-system")
+      --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
-      --registry string      container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --namespace string           the namespace scope for this operation (default "gitops-system")
-      --timeout duration     timeout for this operation (default 5m0s)
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
-      --verbose              print generated objects
+      --timeout duration           timeout for this operation (default 5m0s)
-  -v, --version string       toolkit version (default "latest")
+      --verbose                    print generated objects
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### SEE ALSO

docs/cmd/tk_install.md

@@ -31,13 +31,14 @@ tk install [flags]
 ### Options
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --dry-run              only print the object that would be applied
+      --dry-run                    only print the object that would be applied
-      --export               write the install manifests to stdout and exit
+      --export                     write the install manifests to stdout and exit
-  -h, --help                 help for install
+  -h, --help                       help for install
-      --manifests string     path to the manifest directory, dev only
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
-      --registry string      container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --manifests string           path to the manifest directory, dev only
-  -v, --version string       toolkit version (default "latest")
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### Options inherited from parent commands