✨ Add image pullSecret to hub controllers

[zhiweiyin318]

Summary

Support to sync the imagePullSecret open-cluster-management-image-pull-credentials in the operator ns to the hub namespace.

Related issue(s)

Fixes #

[zhiweiyin318]

/assign @qiujian16

[qiujian16]

we need to consider this together with #381, we basically want to sync secrets from one ns to another. I think we should handle them at the same time. cc @morvencao

[morvencao]

are you referring to #381 for syncing work-driver-config secret?

[codecov]

Codecov Report

Attention: Patch coverage is 65.21739% with 8 lines in your changes are missing coverage. Please review.

Project coverage is 62.51%. Comparing base (3f304e8) to head (61ae0d4).

Files	Patch %	Lines
...stermanagercontroller/clustermanager_controller.go	60.00%	2 Missing and 2 partials ⚠️
...nagercontroller/clustermanager_secret_reconcile.go	60.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #397      +/-   ##
==========================================
- Coverage   62.51%   62.51%   -0.01%     
==========================================
  Files         134      134              
  Lines       11430    11438       +8     
==========================================
+ Hits         7146     7151       +5     
- Misses       3521     3523       +2     
- Partials      763      764       +1     

Flag	Coverage Δ
unit	62.51% <65.21%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[qiujian16]

do you still need this?

[qiujian16]

why we need this step?

[zhiweiyin318]

will not add the pullsecretName to the sa if the imagepullSecret does not exist.
https://github.com/open-cluster-management-io/ocm/pull/397/files#diff-9f7acaff5c7d5c32d15173a975e8bed87d52c8add8e4bf8b4783854741c4cf39R6

if the imagepullSecret is not created but the name is fixed in the sa, a warning event will be output in the ns. The warning event can cause test case failure in openshift-conformance test suite.
There are 2 options here to avoid the warning event:

1. create an empty pullsecret in the operator namespace.
2. remove the pullsecret name from the sa if the pullsecret does not exist.

I chose option 2 in this PR.

the ApplyDirectly in libary-go does not update the imagepullsecret filed in the sa, I also create a new func ApplyServiceAccount to apply sa in the PR.

[zhiweiyin318]

moved the imagepullsecret to deployment and added a comment here

[zhiweiyin318]

@qiujian16 @morvencao please take another look.

[qiujian16]

/approve
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qiujian16, zhiweiyin318

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [qiujian16]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment