[camel-k] Update Operator to link service accounts if a given secret 'camel-k-pull-secret' exists

@astefanutti +1, with the added benefit of not coupling camel-k to ocp/syndesis details.

@heiko-braun if we implement the image secret linking logic in the Camel K operator, then yes it would require another Camel K release.

That being said, I wonder if that is the best approach, w.r.t. Syndesis. In Camel K, running on OpenShift, three service accounts are used:

• The Camel K operator service account (camel-k-operator)
• The s2i builder pod service account (builder)
• The integration pod service account, which can be configured in the integration CR serviceAccountName spec field

For the first one, as for the Syndesis operator, the linking has to be done outside the operator code, for it to be able to run.

For the third one, the Syndesis Camel K publish handler could specify a service account in the integration spec being published, which service account would have been previously linked to the image secret consistently with the other service accounts managed by Syndesis (knowing it operates with Camel K as backend for integration runtime).

For the second one, it is the same service account being configured by the Syndesis operator. If that were to be made configurable in Camel K, that would fall into the same pattern as for the integration service account, as describe above.

From an operation standpoint, it would allow to have a single secret (syndesis-pull-secret) to be used for Syndesis and Camel K pods consistently.

If we choose that implementation, it will require to set the service account integration CR spec field from the Syndesis Camel K publish handler, link that service account to the secret in the Syndesis operator, and add a configuration parameter if we want it to be configurable. The corollary advantage is that it won’t require another Camel K release.

WDYT?

/cc @lburgazzoli @nicolaferraro