From 62f1abf7c4477af43eb91378dee77fe2ca4e8f60 Mon Sep 17 00:00:00 2001
From: Huabing Zhao <zhaohuabing@gmail.com>
Date: Tue, 28 May 2024 18:39:59 -0700
Subject: [PATCH] helm: support ratelimit image pull secrets and pull policy
 (#3454)

* support ratelimit image pull secrets

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* support ratelimit image pull policy

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix gen check

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
---
 charts/gateway-helm/README.md                 |  4 +++-
 charts/gateway-helm/templates/_helpers.tpl    | 20 +++++++++++++++++--
 charts/gateway-helm/values.tmpl.yaml          |  8 +++-----
 .../kubernetes/ratelimit/resource_provider.go |  5 +++--
 .../en/latest/install/gateway-helm-api.md     |  4 +++-
 test/helm/default-config.out.yaml             |  9 +++++++++
 test/helm/deployment-images-config.out.yaml   |  9 +++++++++
 test/helm/envoy-gateway-config.out.yaml       |  9 +++++++++
 test/helm/global-images-config.in.yaml        |  6 +++++-
 test/helm/global-images-config.out.yaml       | 13 ++++++++++++
 10 files changed, 75 insertions(+), 12 deletions(-)

diff --git a/charts/gateway-helm/README.md b/charts/gateway-helm/README.md
index afc7297dda9..3caff48fde9 100644
--- a/charts/gateway-helm/README.md
+++ b/charts/gateway-helm/README.md
@@ -91,8 +91,10 @@ To uninstall the chart:
 | deployment.ports[2].targetPort | int | `19001` |  |
 | deployment.replicas | int | `1` |  |
 | global.images.envoyGateway.image | string | `nil` |  |
-| global.images.envoyGateway.imagePullSecrets | list | `[]` |  |
 | global.images.envoyGateway.pullPolicy | string | `nil` |  |
+| global.images.envoyGateway.pullSecrets | list | `[]` |  |
 | global.images.ratelimit.image | string | `"docker.io/envoyproxy/ratelimit:master"` |  |
+| global.images.ratelimit.pullPolicy | string | `"IfNotPresent"` |  |
+| global.images.ratelimit.pullSecrets | list | `[]` |  |
 | kubernetesClusterDomain | string | `"cluster.local"` |  |
 
diff --git a/charts/gateway-helm/templates/_helpers.tpl b/charts/gateway-helm/templates/_helpers.tpl
index 0802657f85b..d9aefc2a847 100755
--- a/charts/gateway-helm/templates/_helpers.tpl
+++ b/charts/gateway-helm/templates/_helpers.tpl
@@ -88,9 +88,9 @@ Pull secrets for the Envoy Gateway image.
 {{- if .Values.deployment.envoyGateway.imagePullSecrets -}}
 imagePullSecrets:
 {{ toYaml .Values.deployment.envoyGateway.imagePullSecrets }}
-{{- else if .Values.global.images.envoyGateway.imagePullSecrets -}}
+{{- else if .Values.global.images.envoyGateway.pullSecrets -}}
 imagePullSecrets:
-{{ toYaml .Values.global.images.envoyGateway.imagePullSecrets }}
+{{ toYaml .Values.global.images.envoyGateway.pullSecrets }}
 {{- else -}}
 imagePullSecrets: []
 {{- end }}
@@ -110,6 +110,22 @@ provider:
         {{- else }}
         image: "docker.io/envoyproxy/ratelimit:master"
         {{- end }}
+      {{- with .Values.global.images.ratelimit.pullSecrets }}
+      pod:
+        imagePullSecrets:
+        {{- toYaml . | nindent 10 }}
+      {{- end }}
+      {{- with .Values.global.images.ratelimit.pullPolicy }}
+      patch:
+        type: StrategicMerge
+        value:
+          spec:
+            template:
+              spec:
+                containers:
+                - name: envoy-ratelimit
+                  imagePullPolicy: {{ . }}
+      {{- end }}
     shutdownManager:
       image: {{ include "eg.image" . }}
 {{- end }}
diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml
index 0513ff81143..21fd1e02cff 100644
--- a/charts/gateway-helm/values.tmpl.yaml
+++ b/charts/gateway-helm/values.tmpl.yaml
@@ -9,17 +9,15 @@ global:
       # Default behavior: latest images will be Always else IfNotPresent.
       pullPolicy: ${GatewayImagePullPolicy}
       # List of secrets in the same namespace of the component that can be used to pull images from private repositories.
-      imagePullSecrets: []
+      pullSecrets: []
     ratelimit:
       # This is the full image name including the hub, repo, and tag.
       image: "docker.io/envoyproxy/ratelimit:master"
-      # TODO: zhaohuabing add support for imagePullSecrets for ratelimit
       # Specify image pull policy if default behavior isn't desired.
       # Default behavior: latest images will be Always else IfNotPresent.
-      # pullPolicy: IfNotPresent
+      pullPolicy: IfNotPresent
       # List of secrets in the same namespace of the component that can be used to pull images from private repositories.
-      # imagePullSecrets: []
-    # statsd: TODO: zhaohuabing add custom image support for statsd image
+      pullSecrets: []
 
 deployment:
   envoyGateway:
diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go
index 62d8e3df4ce..90b6eba8f69 100644
--- a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go
+++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go
@@ -255,8 +255,9 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) {
 	}
 
 	// apply merge patch to deployment
-	if merged, err := r.rateLimitDeployment.ApplyMergePatch(deployment); err == nil {
-		deployment = merged
+	var err error
+	if deployment, err = r.rateLimitDeployment.ApplyMergePatch(deployment); err != nil {
+		return nil, err
 	}
 
 	return deployment, nil
diff --git a/site/content/en/latest/install/gateway-helm-api.md b/site/content/en/latest/install/gateway-helm-api.md
index bb5a0f5272e..7dbf2a58a34 100644
--- a/site/content/en/latest/install/gateway-helm-api.md
+++ b/site/content/en/latest/install/gateway-helm-api.md
@@ -55,8 +55,10 @@ The Helm chart for Envoy Gateway
 | deployment.ports[2].targetPort | int | `19001` |  |
 | deployment.replicas | int | `1` |  |
 | global.images.envoyGateway.image | string | `nil` |  |
-| global.images.envoyGateway.imagePullSecrets | list | `[]` |  |
 | global.images.envoyGateway.pullPolicy | string | `nil` |  |
+| global.images.envoyGateway.pullSecrets | list | `[]` |  |
 | global.images.ratelimit.image | string | `"docker.io/envoyproxy/ratelimit:master"` |  |
+| global.images.ratelimit.pullPolicy | string | `"IfNotPresent"` |  |
+| global.images.ratelimit.pullSecrets | list | `[]` |  |
 | kubernetesClusterDomain | string | `"cluster.local"` |  |
 
diff --git a/test/helm/default-config.out.yaml b/test/helm/default-config.out.yaml
index ba4840ee017..25326c67742 100644
--- a/test/helm/default-config.out.yaml
+++ b/test/helm/default-config.out.yaml
@@ -38,6 +38,15 @@ data:
         rateLimitDeployment:
           container:
             image: docker.io/envoyproxy/ratelimit:master
+          patch:
+            type: StrategicMerge
+            value:
+              spec:
+                template:
+                  spec:
+                    containers:
+                    - imagePullPolicy: IfNotPresent
+                      name: envoy-ratelimit
         shutdownManager:
           image: docker.io/envoyproxy/gateway-dev:latest
       type: Kubernetes
diff --git a/test/helm/deployment-images-config.out.yaml b/test/helm/deployment-images-config.out.yaml
index 78256bf94df..b13dc2261a5 100644
--- a/test/helm/deployment-images-config.out.yaml
+++ b/test/helm/deployment-images-config.out.yaml
@@ -38,6 +38,15 @@ data:
         rateLimitDeployment:
           container:
             image: docker.io/envoyproxy/ratelimit:master
+          patch:
+            type: StrategicMerge
+            value:
+              spec:
+                template:
+                  spec:
+                    containers:
+                    - imagePullPolicy: IfNotPresent
+                      name: envoy-ratelimit
         shutdownManager:
           image: private-hub/envoyproxy/gateway:abcdef12
       type: Kubernetes
diff --git a/test/helm/envoy-gateway-config.out.yaml b/test/helm/envoy-gateway-config.out.yaml
index a2b051ea23c..612306e1f0e 100644
--- a/test/helm/envoy-gateway-config.out.yaml
+++ b/test/helm/envoy-gateway-config.out.yaml
@@ -40,6 +40,15 @@ data:
         rateLimitDeployment:
           container:
             image: private-hub/envoyproxy/ratelimit:master
+          patch:
+            type: StrategicMerge
+            value:
+              spec:
+                template:
+                  spec:
+                    containers:
+                    - imagePullPolicy: IfNotPresent
+                      name: envoy-ratelimit
         shutdownManager:
           image: docker.io/envoyproxy/gateway-dev:latest
       type: Kubernetes
diff --git a/test/helm/global-images-config.in.yaml b/test/helm/global-images-config.in.yaml
index bbcb3a2028a..ee8250cbea2 100644
--- a/test/helm/global-images-config.in.yaml
+++ b/test/helm/global-images-config.in.yaml
@@ -3,8 +3,12 @@ global:
     envoyGateway:
       image: "private-hub/envoyproxy/gateway:abcdef12"
       pullPolicy: Always
-      imagePullSecrets:
+      pullSecrets:
         - name: "secret1"
         - name: "secret2"
     ratelimit:
       image: "private-hub/envoyproxy/ratelimit:test"
+      pullPolicy: Always
+      pullSecrets:
+        - name: "secret3"
+        - name: "secret4"
diff --git a/test/helm/global-images-config.out.yaml b/test/helm/global-images-config.out.yaml
index 0d417c21035..89788eaef1a 100644
--- a/test/helm/global-images-config.out.yaml
+++ b/test/helm/global-images-config.out.yaml
@@ -38,6 +38,19 @@ data:
         rateLimitDeployment:
           container:
             image: private-hub/envoyproxy/ratelimit:test
+          patch:
+            type: StrategicMerge
+            value:
+              spec:
+                template:
+                  spec:
+                    containers:
+                    - imagePullPolicy: Always
+                      name: envoy-ratelimit
+          pod:
+            imagePullSecrets:
+            - name: secret3
+            - name: secret4
         shutdownManager:
           image: private-hub/envoyproxy/gateway:abcdef12
       type: Kubernetes