fix(k8s): copy imagePullSecrets to builder pods

Ensure that any `imagePullSecrets` defined in the k8s provider are
copied to any Kaniko/BuildKit pod's namespace ahead of deploying it,
and included in the pod pec.

Also made some syntactic tweaks to some logger-related tests that
weren't playing nice with `yarn fix-format`.

core/src/plugins/kubernetes/container/build/buildkit.ts

@@ -35,6 +35,7 @@ import { ContainerModule } from "../../../container/config"
 import { getDockerBuildArgs } from "../../../container/build"
 import { getRunningDeploymentPod, millicpuToString, megabytesToString, usingInClusterRegistry } from "../../util"
 import { PodRunner } from "../../run"
+import { prepareSecrets } from "../../secrets"
 
 export const buildkitImageName = "gardendev/buildkit:v0.9.3-1"
 export const buildkitDeploymentName = "garden-buildkit"
@@ -200,8 +201,10 @@ export async function ensureBuildkit({
       namespace,
     })
 
+    const imagePullSecrets = await prepareSecrets({ api, namespace, secrets: provider.config.imagePullSecrets, log })
+
     // Check status of the buildkit deployment
-    const manifest = getBuildkitDeployment(provider, authSecret.metadata.name)
+    const manifest = getBuildkitDeployment(provider, authSecret.metadata.name, imagePullSecrets)
     const status = await compareDeployedResources(ctx as KubernetesPluginContext, api, namespace, [manifest], deployLog)
 
     if (status.state === "ready") {
@@ -251,7 +254,11 @@ export function getBuildkitFlags(module: ContainerModule) {
   return args
 }
 
-export function getBuildkitDeployment(provider: KubernetesProvider, authSecretName: string) {
+export function getBuildkitDeployment(
+  provider: KubernetesProvider,
+  authSecretName: string,
+  imagePullSecrets: { name: string }[]
+) {
   const deployment: KubernetesDeployment = {
     apiVersion: "apps/v1",
     kind: "Deployment",
@@ -318,6 +325,7 @@ export function getBuildkitDeployment(provider: KubernetesProvider, authSecretNa
             // Attach a util container for the rsync server and to use skopeo
             getUtilContainer(authSecretName),
           ],
+          imagePullSecrets,
           volumes: [
             {
               name: authSecretName,

core/src/plugins/kubernetes/container/build/common.ts

@@ -31,6 +31,7 @@ import { InternalError, RuntimeError } from "../../../../exceptions"
 import { LogEntry } from "../../../../logger/log-entry"
 import { getInClusterRegistryHostname } from "../../init"
 import { prepareDockerAuth } from "../../init"
+import { prepareSecrets } from "../../secrets"
 import chalk from "chalk"
 import { gardenEnv } from "../../../../constants"
 import { ensureMutagenSync, flushMutagenSync, getKubectlExecDestination, terminateMutagenSync } from "../../mutagen"
@@ -332,8 +333,10 @@ export async function ensureUtilDeployment({
       namespace,
     })
 
+    const imagePullSecrets = await prepareSecrets({ api, namespace, secrets: provider.config.imagePullSecrets, log })
+
     // Check status of the util deployment
-    const { deployment, service } = getUtilManifests(provider, authSecret.metadata.name)
+    const { deployment, service } = getUtilManifests(provider, authSecret.metadata.name, imagePullSecrets)
     const status = await compareDeployedResources(
       ctx as KubernetesPluginContext,
       api,
@@ -502,7 +505,11 @@ export function getUtilContainer(authSecretName: string): V1Container {
   }
 }
 
-export function getUtilManifests(provider: KubernetesProvider, authSecretName: string) {
+export function getUtilManifests(
+  provider: KubernetesProvider,
+  authSecretName: string,
+  imagePullSecrets: { name: string }[]
+) {
   const kanikoTolerations = [...(provider.config.kaniko?.tolerations || []), builderToleration]
   const deployment: KubernetesDeployment = {
     apiVersion: "apps/v1",
@@ -528,6 +535,7 @@ export function getUtilManifests(provider: KubernetesProvider, authSecretName: s
         },
         spec: {
           containers: [getUtilContainer(authSecretName)],
+          imagePullSecrets,
           volumes: [
             {
               name: authSecretName,

core/src/plugins/kubernetes/container/build/kaniko.ts

@@ -16,6 +16,7 @@ import { KubernetesProvider, KubernetesPluginContext, DEFAULT_KANIKO_IMAGE } fro
 import { BuildError, ConfigurationError } from "../../../../exceptions"
 import { PodRunner } from "../../run"
 import { ensureNamespace, getNamespaceStatus, getSystemNamespace } from "../../namespace"
+import { prepareSecrets } from "../../secrets"
 import { dedent } from "../../../../util/string"
 import { RunResult } from "../../../../types/plugin/base"
 import { PluginContext } from "../../../../plugin-context"
@@ -263,6 +264,12 @@ async function runKaniko({
   const kanikoTolerations = [...(provider.config.kaniko?.tolerations || []), builderToleration]
   const utilHostname = `${utilDeploymentName}.${utilNamespace}.svc.cluster.local`
   const sourceUrl = `rsync://${utilHostname}:${utilRsyncPort}/volume/${ctx.workingCopyId}/${module.name}/`
+  const imagePullSecrets = await prepareSecrets({
+    api,
+    namespace: kanikoNamespace,
+    secrets: provider.config.imagePullSecrets,
+    log,
+  })
 
   const syncArgs = [...commonSyncArgs, sourceUrl, contextPath]
 
@@ -283,6 +290,7 @@ async function runKaniko({
         emptyDir: {},
       },
     ],
+    imagePullSecrets,
     // Start by rsyncing the build context from the util deployment
     initContainers: [
       {

core/test/unit/src/logger/log-entry.ts

@@ -15,8 +15,7 @@ import { LogEntryMetadata, TaskMetadata } from "../../../../src/logger/log-entry
 const logger: Logger = getLogger()
 
 beforeEach(() => {
-  // tslint:disable-next-line: prettier
-  (logger["children"] as any) = []
+  logger["children"] = []
 })
 
 describe("LogEntry", () => {

core/test/unit/src/logger/logger.ts

@@ -16,8 +16,7 @@ const logger: Logger = getLogger()
 
 describe("Logger", () => {
   beforeEach(() => {
-    // tslint:disable-next-line: prettier
-    (logger["children"] as any) = []
+    logger["children"] = []
   })
 
   describe("events", () => {

core/test/unit/src/logger/renderers.ts

@@ -32,8 +32,7 @@ import { freezeTime } from "../../../helpers"
 const logger: Logger = getLogger()
 
 beforeEach(() => {
-  // tslint:disable-next-line: prettier
-  (logger["children"] as any) = []
+  logger["children"] = []
 })
 
 describe("renderers", () => {

core/test/unit/src/logger/writers/basic-terminal-writer.ts

@@ -15,8 +15,7 @@ import { formatForTerminal } from "../../../../../src/logger/renderers"
 const logger: Logger = getLogger()
 
 beforeEach(() => {
-  // tslint:disable-next-line: prettier
-  (logger["children"] as any) = []
+  logger["children"] = []
 })
 
 describe("BasicTerminalWriter", () => {

core/test/unit/src/logger/writers/fancy-terminal-writer.ts

@@ -14,8 +14,7 @@ import { getLogger, Logger } from "../../../../../src/logger/logger"
 const logger: Logger = getLogger()
 
 beforeEach(() => {
-  // tslint:disable-next-line: prettier
-  (logger["children"] as any) = []
+  logger["children"] = []
 })
 
 describe("FancyTerminalWriter", () => {

core/test/unit/src/logger/writers/file-writer.ts

@@ -17,8 +17,7 @@ import { render } from "../../../../../src/logger/writers/file-writer"
 const logger: Logger = getLogger()
 
 beforeEach(() => {
-  // tslint:disable-next-line: prettier
-  (logger["children"] as any) = []
+  logger["children"] = []
 })
 
 describe("FileWriter", () => {

core/test/unit/src/logger/writers/json-terminal-writer.ts

@@ -15,8 +15,7 @@ import { freezeTime } from "../../../../helpers"
 const logger: Logger = getLogger()
 
 beforeEach(() => {
-  // tslint:disable-next-line: prettier
-  (logger["children"] as any) = []
+  logger["children"] = []
 })
 
 describe("JsonTerminalWriter", () => {