Kubernetes: add option to skip explicit imagePullSecrets configuration
What does this MR do?
This MR adds an option to the Kubernetes executer named use_service_account_image_pull_secrets to let the Pod created by the executer to use the image pull secrets provided by its service account, by not explicitly providing the image pull secrets when creating the Pod.
Why was this MR needed?
In some scenarios, the images of the executer Pod is located in a 3rd party image registry which requires authentication. The pull secrets is included in the corresponding service account by other automation mechanisms. In this case, for a successful pulling of the images, imagePullSecrets should not be specified so that the secrets in the service account can be used.
However, when enabled, this feature will break the automatic authentication with the image registry embedded in gitlab instance. So special document should also be provided.
What's the best way to test this MR?
Create a job with its image: pointing to a private registry and add the pull secret to the service account where the executer pods run.