imagepullsecrets

package

v0.26.0 Latest Latest Go to latest Published: Apr 29, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacklok/toolhive

Links

Documentation ¶

Overview ¶

Package imagepullsecrets provides cluster-wide default imagePullSecrets that the ToolHive operator applies to every workload it spawns.

The operator parses a comma-separated list of secret names from the TOOLHIVE_DEFAULT_IMAGE_PULL_SECRETS environment variable at startup and exposes the result as a Defaults value that controllers consume during reconciliation.

Defaults are merged with any per-CR imagePullSecrets at workload-construction time. See Defaults.Merge for the precedence rule.

Index ¶

Constants
type Defaults
- func LoadDefaultsFromEnv() Defaults
- func NewDefaults(names []string) Defaults
- func (d Defaults) List() []corev1.LocalObjectReference
- func (d Defaults) Merge(crLevel []corev1.LocalObjectReference) []corev1.LocalObjectReference

Constants ¶

View Source

const EnvVar = "TOOLHIVE_DEFAULT_IMAGE_PULL_SECRETS"

EnvVar is the environment variable name that the operator parses at startup to populate cluster-wide default imagePullSecrets.

The value is a comma-separated list of secret names, e.g. "regcred,otherscred". Whitespace around entries is tolerated; empty entries are skipped.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Defaults ¶

type Defaults struct {
	// contains filtered or unexported fields
}

Defaults holds the cluster-wide default imagePullSecrets that the operator applies to every workload it spawns when the corresponding CR does not explicitly override them.

The zero value is a usable empty Defaults: Merge returns the CR-level value unchanged. Construct a populated Defaults via LoadDefaultsFromEnv or NewDefaults.

func LoadDefaultsFromEnv ¶

func LoadDefaultsFromEnv() Defaults

LoadDefaultsFromEnv parses Defaults from the TOOLHIVE_DEFAULT_IMAGE_PULL_SECRETS environment variable.

The variable is a comma-separated list of secret names. An empty or unset variable yields an empty Defaults whose Merge is a no-op.

func NewDefaults ¶

func NewDefaults(names []string) Defaults

NewDefaults constructs a Defaults from a slice of secret names. Names are trimmed of surrounding whitespace; empty names are skipped.

func (Defaults) List ¶

func (d Defaults) List() []corev1.LocalObjectReference

List returns a freshly allocated copy of the configured default imagePullSecrets. The caller may freely mutate the returned slice. An empty Defaults returns nil (not a zero-length slice) so callers can leave a PodSpec or ServiceAccount field unset.

func (Defaults) Merge ¶

func (d Defaults) Merge(crLevel []corev1.LocalObjectReference) []corev1.LocalObjectReference

Merge combines the cluster-wide defaults with the CR-level imagePullSecrets and returns the resulting list.

Precedence rule: chart-level defaults are appended additively to the CR-level list, with the CR-level entries taking priority on name conflicts. Concretely:

The CR-level list comes first in the result, preserving its order.
Each chart-level default is appended only if its Name does not already appear in the CR-level list (deduplication is by Name).
The CR-level list is never mutated; callers receive a fresh slice.

If both inputs are empty, Merge returns nil so callers can leave the PodSpec/ServiceAccount field unset.

Source Files ¶

View all Source files

defaults.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL