async Task ManageImagePullSecrets(V1SecretList existing, List <V1Secret> desired, CancellationToken token)
{
// find difference between desired and existing image pull secrets
var diff = FindImagePullSecretDiff(desired, existing.Items);
// Update only those image pull secrets if configurations have not matched
var updatingTask = diff.Updated
.Select(
update =>
{
Events.UpdateImagePullSecret(update.To);
update.To.Metadata.ResourceVersion = update.From.Metadata.ResourceVersion;
return(this.client.ReplaceNamespacedSecretAsync(update.To, update.To.Metadata.Name, this.deviceNamespace, cancellationToken: token));
});
await Task.WhenAll(updatingTask);
// Delete all existing image pull secrets that are not in desired list
var removingTasks = diff.Removed
.Select(
name =>
{
Events.DeleteImagePullSecret(name);
return(this.client.DeleteNamespacedSecretAsync(name, this.deviceNamespace, cancellationToken: token));
});
await Task.WhenAll(removingTasks);
// Create new desired image pull secrets
foreach (V1Secret secret in diff.Added)
{
// Allow user to override image pull secrets even if they were created not by agent (e.g. during installation and/or iotedged)
try
{
Events.CreateImagePullSecret(secret);
await this.client.CreateNamespacedSecretAsync(secret, this.deviceNamespace, cancellationToken : token);
}
catch (HttpOperationException e) when(e.Response.StatusCode == HttpStatusCode.Conflict)
{
Events.UpdateExistingImagePullSecret(secret);
V1Secret conflictedSecret = await this.client.ReadNamespacedSecretAsync(secret.Metadata.Name, secret.Metadata.NamespaceProperty, cancellationToken : token);
conflictedSecret.Data = secret.Data;
await this.client.ReplaceNamespacedSecretAsync(conflictedSecret, conflictedSecret.Metadata.Name, conflictedSecret.Metadata.NamespaceProperty, cancellationToken : token);
}
}
}
async Task ManageImagePullSecrets(CancellationToken token)
{
var deviceOnlyLabels = new Dictionary <string, string>
{
[KubernetesConstants.K8sEdgeDeviceLabel] = KubeUtils.SanitizeLabelValue(this.resourceName.DeviceId),
};
// Modules may share an image pull secret, so only pick unique ones to add to the dictionary.
List <V1Secret> desiredImagePullSecrets = this.modules
.Select(module => this.configProvider.GetCombinedConfig(module, this.runtimeInfo))
.Select(config => config.ImagePullSecret)
.FilterMap()
.GroupBy(secret => secret.Name)
.Select(secretGroup => this.CreateSecret(secretGroup.First(), deviceOnlyLabels))
.ToList();
V1SecretList currentImagePullSecrets = await this.client.ListNamespacedSecretAsync(this.deviceNamespace, labelSelector : this.deviceSelector, cancellationToken : token);
await this.ManageImagePullSecrets(currentImagePullSecrets, desiredImagePullSecrets, token);
}
