pull an image from a private registry

Signed-off-by: Eguzki Astiz Lezaun <[email protected]>

README.md

@@ -44,6 +44,7 @@ spec:
 * [Rate Limit Headers](./doc/rate-limit-headers.md)
 * [Logging](./doc/logging.md)
 * [Tracing](./doc/tracing.md)
+* [Custom Image](./doc/custom-image.md)
 
 ## Contributing
 
@@ -60,4 +61,4 @@ This software is licensed under the [Apache 2.0 license](https://www.apache.org/
 See the LICENSE and NOTICE files that should have been provided along with this software for details.
 
 
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FKuadrant%2Flimitador-operator.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2FKuadrant%2Flimitador-operator?ref=badge_large)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FKuadrant%2Flimitador-operator.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2FKuadrant%2Flimitador-operator?ref=badge_large)

api/v1alpha1/limitador_types.go

@@ -107,6 +107,9 @@ type LimitadorSpec struct {
 
 	// +optional
 	Image *string `json:"image,omitempty"`
+
+	// +optional
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
 }
 
 //+kubebuilder:object:root=true

doc/custom-image.md

@@ -0,0 +1,49 @@
+# Custom Image
+
+Currently, the limitador image being used in the deployment is read from different sources with some order of precedence:
+* If Limtador CR's `spec.image` is set -> image = `${spec.image}`
+* If Limtador CR's `spec.version` is set -> image = `quay.io/kuadrant/limitador:${spec.version}` (note the repo is hardcoded)
+* if `RELATED_IMAGE_LIMITADOR` env var is set -> image = `$RELATED_IMAGE_LIMITADOR`
+* else: hardcoded to `quay.io/kuadrant/limitador:latest`
+
+The `spec.image` field is not meant to be used in production environments.
+It is meant to be used for dev/testing purposes.
+The main drawback of the `spec.image` usage is that upgrades cannot be supported as the
+limitador operator cannot ensure the operation to be safe.
+
+
+```yaml
+---
+apiVersion: limitador.kuadrant.io/v1alpha1
+kind: Limitador
+metadata:
+  name: limitador-instance-1
+spec:
+  image: example.com/myorg/limitador-repo:custom-image-v1
+EOF
+```
+
+## Pull an Image from a Private Registry
+
+To pull an image from a private container image registry or repository, you need to provide credentials.
+
+Create a Secret by providing credentials on the command line
+
+```
+kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
+```
+
+Deploy limitador instance that uses your secret
+
+
+```yaml
+---
+apiVersion: limitador.kuadrant.io/v1alpha1
+kind: Limitador
+metadata:
+  name: limitador-instance-1
+spec:
+  image: example.com/myorg/limitador-repo:custom-image-v1
+  imagePullSecrets:
+  - name: regcred
+```