From f78d9964bf046520fa835ecf8206bf3c658c318b Mon Sep 17 00:00:00 2001
From: Sara Lambert <lambert8@illinois.edu>
Date: Tue, 21 May 2024 14:21:36 -0500
Subject: [PATCH] feat: allow for imagePullSecrets

---
 pkg/kube.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkg/kube.py b/pkg/kube.py
index f32bae8..06928d0 100644
--- a/pkg/kube.py
+++ b/pkg/kube.py
@@ -571,7 +571,6 @@ def create_userapp(username, email, userapp, spec_map):
             'args': stack_service['args'] if 'args' in stack_service else app_spec[
                 'args'] if 'args' in app_spec else None,
             'image': stack_service['image'] if 'image' in stack_service else app_spec['image'],
-            'imagePullPolicy': 'Always',
             'configmap': resource_name,
             'security_context': app_spec['securityContext'] if 'securityContext' in app_spec else None,
             'volume_mounts': volume_mounts,
@@ -624,6 +623,7 @@ def create_userapp(username, email, userapp, spec_map):
                               init_containers=init_containers,
                               labels=svc_labels,
                               containers=[container],
+                              image_pull_secrets=app_spec['image']['secrets'] if 'image' in app_spec and 'secrets' in app_spec['image'] else None,
                               collocate=userapp_id if 'collocate' in app_spec and app_spec['collocate'] else False)
 
     # Create one ingress per-stack
@@ -650,7 +650,8 @@ def create_userapp(username, email, userapp, spec_map):
 
     if should_run_as_single_pod:
         service_account = backend_config['userapps']['service_account_name'] if 'userapps' in backend_config and 'service_account_name' in backend_config['userapps'] else None
-
+        app_spec = spec_map.get(userapp_key, None)
+        
         # No need to collocate, since all will run in single pod
         # Create one deployment per-stack (start with 0 replicas, aka "Stopped")
         create_deployment(deployment_name=get_resource_name(get_username(username), userapp_id, userapp_key),
@@ -659,6 +660,7 @@ def create_userapp(username, email, userapp, spec_map):
                           service_account=service_account,
                           username=get_username(username),
                           labels=labels,
+                          image_pull_secrets=app_spec['image']['secrets'] if 'image' in app_spec and 'secrets' in app_spec['image'] else None,
                           # TODO: how to wait for deps in singlepod mode?
                           # init_containers=init_containers,
                           containers=containers)
@@ -952,7 +954,7 @@ def get_home_storage_class():
 
 # Containers:
 #   "busybox" -> { name, configmap, image, lifecycle, ports, command }
-def create_deployment(deployment_name, containers, labels, username, **kwargs):
+def create_deployment(deployment_name, containers, labels, username, image_pull_secrets=None, **kwargs):
     appv1 = client.AppsV1Api()
 
     # TODO: Validation
@@ -1003,6 +1005,7 @@ def create_deployment(deployment_name, containers, labels, username, **kwargs):
 
     # Build a podspec from given containers and other parameters
     podspec = client.V1PodSpec(
+        image_pull_secrets=image_pull_secrets,
         service_account_name=service_account_name,
         volumes=shared_volumes,
         init_containers=init_containers,
@@ -1041,6 +1044,7 @@ def create_deployment(deployment_name, containers, labels, username, **kwargs):
                 # TODO: support container.lifecycle?
                 lifecycle=container['lifecycle'] if 'lifecycle' in container else None,
                 image=get_image_string(container['image']),
+                image_pull_policy='Always',
                 ports=[
                     client.V1ContainerPort(
                         name='%s%s' % (port['protocol'] if 'protocol' in port else 'tcp', str(port['port'])),