Remove unused pull secret configuration

Signed-off-by: Mikalai Radchuk <[email protected]>

cmd/manager/main.go

@@ -195,9 +195,7 @@ func main() {
 		os.Exit(1)
 	}
 	unpacker := &source.ImageRegistry{
-		BaseCachePath: filepath.Join(cachePath, "unpack"),
-		// TODO: This needs to be derived per extension via ext.Spec.InstallNamespace
-		AuthNamespace:   systemNamespace,
+		BaseCachePath:   filepath.Join(cachePath, "unpack"),
 		CertPoolWatcher: certPoolWatcher,
 	}
 

internal/rukpak/source/image_registry.go

@@ -13,8 +13,6 @@ import (
 	"strings"
 
 	"github.com/containerd/containerd/archive"
-	"github.com/google/go-containerregistry/pkg/authn/k8schain"
-	gcrkube "github.com/google/go-containerregistry/pkg/authn/kubernetes"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	apimacherrors "k8s.io/apimachinery/pkg/util/errors"
@@ -29,8 +27,6 @@ const SourceTypeImage SourceType = "image"
 type ImageSource struct {
 	// Ref contains the reference to a container image containing Bundle contents.
 	Ref string
-	// ImagePullSecretName contains the name of the image pull secret in the namespace that the provisioner is deployed.
-	ImagePullSecretName string
 	// InsecureSkipTLSVerify indicates that TLS certificate validation should be skipped.
 	// If this option is specified, the HTTPS protocol will still be used to
 	// fetch the specified image reference.
@@ -53,7 +49,6 @@ func NewUnrecoverable(err error) *Unrecoverable {
 
 type ImageRegistry struct {
 	BaseCachePath   string
-	AuthNamespace   string
 	CertPoolWatcher *httputil.CertPoolWatcher
 }
 
@@ -72,24 +67,6 @@ func (i *ImageRegistry) Unpack(ctx context.Context, bundle *BundleSource) (*Resu
 		return nil, NewUnrecoverable(fmt.Errorf("error parsing image reference: %w", err))
 	}
 
-	remoteOpts := []remote.Option{}
-	if bundle.Image.ImagePullSecretName != "" {
-		chainOpts := k8schain.Options{
-			ImagePullSecrets: []string{bundle.Image.ImagePullSecretName},
-			Namespace:        i.AuthNamespace,
-			// TODO: Do we want to use any secrets that are included in the rukpak service account?
-			// If so, we will need to add the permission to get service accounts and specify
-			// the rukpak service account name here.
-			ServiceAccountName: gcrkube.NoServiceAccount,
-		}
-		authChain, err := k8schain.NewInCluster(ctx, chainOpts)
-		if err != nil {
-			return nil, fmt.Errorf("error getting auth keychain: %w", err)
-		}
-
-		remoteOpts = append(remoteOpts, remote.WithAuthFromKeychain(authChain))
-	}
-
 	transport := remote.DefaultTransport.(*http.Transport).Clone()
 	if transport.TLSClientConfig == nil {
 		transport.TLSClientConfig = &tls.Config{
@@ -107,6 +84,8 @@ func (i *ImageRegistry) Unpack(ctx context.Context, bundle *BundleSource) (*Resu
 		}
 		transport.TLSClientConfig.RootCAs = pool
 	}
+
+	remoteOpts := []remote.Option{}
 	remoteOpts = append(remoteOpts, remote.WithTransport(transport))
 
 	digest, isDigest := imgRef.(name.Digest)
@@ -175,7 +154,6 @@ func unpackedResult(fsys fs.FS, bundle *BundleSource, ref string) *Result {
 			Type: SourceTypeImage,
 			Image: &ImageSource{
 				Ref:                   ref,
-				ImagePullSecretName:   bundle.Image.ImagePullSecretName,
 				InsecureSkipTLSVerify: bundle.Image.InsecureSkipTLSVerify,
 			},
 		},

internal/rukpak/source/unpacker.go

@@ -4,8 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io/fs"
-
-	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
 
 // Unpacker unpacks bundle content, either synchronously or asynchronously and
@@ -102,15 +100,3 @@ func (s *unpacker) Cleanup(ctx context.Context, bundle *BundleSource) error {
 	}
 	return source.Cleanup(ctx, bundle)
 }
-
-// NewDefaultUnpacker returns a new composite Source that unpacks bundles using
-// a default source mapping with built-in implementations of all of the supported
-// source types.
-func NewDefaultUnpacker(mgr manager.Manager, namespace, cacheDir string) (Unpacker, error) {
-	return NewUnpacker(map[SourceType]Unpacker{
-		SourceTypeImage: &ImageRegistry{
-			BaseCachePath: cacheDir,
-			AuthNamespace: namespace,
-		},
-	}), nil
-}