From fad5d82428ae50aeb3ecb4af938c72e8edcbaf5d Mon Sep 17 00:00:00 2001
From: Karolis Rusenas
Date: Tue, 23 Apr 2019 23:22:27 +0100
Subject: [PATCH] adding keel.sh/imagePullSecret label/annotation to specify secrets
---
 provider/kubernetes/kubernetes.go | 31 +++++++++++-
 provider/kubernetes/kubernetes_test.go | 70 +++++++++++++++++++++++++-
 types/types.go | 2 +
 3 files changed, 100 insertions(+), 3 deletions(-)
diff --git a/provider/kubernetes/kubernetes.go b/provider/kubernetes/kubernetes.go
index fc70741c..d21e1f03 100644
--- a/provider/kubernetes/kubernetes.go
+++ b/provider/kubernetes/kubernetes.go
@@ -9,7 +9,7 @@ import (
 "github.com/Masterminds/semver"
 "github.com/rusenask/cron"
- "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
 "github.com/prometheus/client_golang/prometheus"
@@ -126,6 +126,25 @@ func (p *Provider) Stop() {
 close(p.stop)
 }
+func getImagePullSecretFromMeta(labels map[string]string, annotations map[string]string) string {
+
+ searchKey := strings.ToLower(types.KeelImagePullSecretAnnotation)
+
+ for k, v := range labels {
+ if strings.ToLower(k) == searchKey {
+ return v
+ }
+ }
+
+ for k, v := range annotations {
+ if strings.ToLower(k) == searchKey {
+ return v
+ }
+ }
+
+ return ""
+}
+
 // TrackedImages returns a list of tracked images.
 func (p *Provider) TrackedImages() ([]*types.TrackedImage, error) {
 var trackedImages []*types.TrackedImage
@@ -158,7 +177,15 @@ func (p *Provider) TrackedImages() ([]*types.TrackedImage, error) {
 // trigger type, we only care for "poll" type triggers
 trigger := policies.GetTriggerPolicy(labels, annotations)
- secrets := gr.GetImagePullSecrets()
+
+ // getting image pull secrets
+ var secrets []string
+ specifiedSecret := getImagePullSecretFromMeta(labels, annotations)
+ if specifiedSecret != "" {
+ secrets = append(secrets, specifiedSecret)
+ }
+ secrets = append(secrets, gr.GetImagePullSecrets()...)
+
 images := gr.GetImages()
 for _, img := range images {
 ref, err := image.Parse(img)
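Review bot: `getImagePullSecretFromMeta` lower-cases every key while ranging over the maps, so if a resource carries two keys that differ only by case (Kubernetes treats `keel.sh/imagePullSecret` and `keel.sh/imagepullsecret` as distinct keys), the secret returned depends on Go's randomized map iteration order. An exact lookup is deterministic and cheaper: `if v, ok := labels[types.KeelImagePullSecretAnnotation]; ok { return v }`, followed by the same for `annotations`. If case-insensitive matching has to stay for compatibility with other keel keys, pick the match by sorted key instead. The function also lacks a doc comment, and the label-before-annotation precedence is only implicit; I would add `// getImagePullSecretFromMeta returns the pull secret name set through the keel.sh/imagePullSecret label or annotation (a label wins), or "" when neither is set.`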
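Review bot: In the second `TrackedImages` hunk the label/annotation value is appended to `secrets` unvalidated and ahead of the pod spec's own `imagePullSecrets`, so whoever can edit the workload's metadata chooses which Secret name keel will try first. The hunk does not show where that name is resolved, so it is worth confirming that the lookup is confined to the resource's own namespace and that keel's service-account RBAC does not let this reach secrets the workload's owner could not mount themselves. Once that is confirmed, state it in the comment, e.g. `// secret named via keel.sh/imagePullSecret is resolved in the resource's namespace and tried before the pod's imagePullSecrets`. The same name can also end up in the slice twice when it is already listed in `gr.GetImagePullSecrets()`; skipping the duplicate would avoid a redundant lookup. `TrackedImages` begins and ends outside the hunk.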
diff --git a/provider/kubernetes/kubernetes_test.go b/provider/kubernetes/kubernetes_test.go
index 333dbd9c..76b62b7a 100644
--- a/provider/kubernetes/kubernetes_test.go
+++ b/provider/kubernetes/kubernetes_test.go
@@ -10,7 +10,7 @@ import (
 "github.com/keel-hq/keel/types"
 apps_v1 "k8s.io/api/apps/v1"
- "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
 meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 core_v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 )
@@ -1319,3 +1319,71 @@ func TestTrackedImages(t *testing.T) {
 t.Errorf("could not find image pull secret")
 }
 }
+
+func TestTrackedImagesWithSecrets(t *testing.T) {
+ fp := &fakeImplementer{}
+ fp.namespaces = &v1.NamespaceList{
+ Items: []v1.Namespace{
+ v1.Namespace{
+ meta_v1.TypeMeta{},
+ meta_v1.ObjectMeta{Name: "xxxx"},
+ v1.NamespaceSpec{},
+ v1.NamespaceStatus{},
+ },
+ },
+ }
+ deps := []*apps_v1.Deployment{
+ {
+ meta_v1.TypeMeta{},
+ meta_v1.ObjectMeta{
+ Name: "dep-1",
+ Namespace: "xxxx",
+ Labels: map[string]string{
+ types.KeelPolicyLabel: "all",
+ types.KeelImagePullSecretAnnotation: "foo-bar",
+ },
+ },
+ apps_v1.DeploymentSpec{
+ Template: v1.PodTemplateSpec{
+ Spec: v1.PodSpec{
+ Containers: []v1.Container{
+ v1.Container{
+ Image: "gcr.io/v2-namespace/hello-world:1.1",
+ },
+ },
+ ImagePullSecrets: []v1.LocalObjectReference{
+ v1.LocalObjectReference{
+ Name: "very-secret",
+ },
+ },
+ },
+ },
+ },
+ apps_v1.DeploymentStatus{},
+ },
+ }
+
+ grs := MustParseGRS(deps)
+ grc := &k8s.GenericResourceCache{}
+ grc.Add(grs...)
+
+ provider, err := NewProvider(fp, &fakeSender{}, approver(), grc)
+ if err != nil {
+ t.Fatalf("failed to get provider: %s", err)
+ }
+
+ imgs, err := provider.TrackedImages()
+ if err != nil {
+ t.Errorf("failed to get image: %s", err)
+ }
+ if len(imgs) != 1 {
+ t.Errorf("expected to find 1 image, got: %d", len(imgs))
+ }
+
+ if imgs[0].Secrets[0] != "foo-bar" {
+ t.Errorf("expected foo-bar, got: %s", imgs[0].Secrets[0])
+ }
+ if imgs[0].Secrets[1] != "very-secret" {
+ t.Errorf("expected very-secret, got: %s", imgs[0].Secrets[1])
+ }
+}
diff --git a/types/types.go b/types/types.go
index 20e626df..eeab0919 100644
--- a/types/types.go
+++ b/types/types.go
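Review bot: `TestTrackedImagesWithSecrets` reports a failed `TrackedImages()` call and a wrong `len(imgs)` with `t.Errorf`, then goes on to index `imgs[0].Secrets[0]` and `imgs[0].Secrets[1]`, so a regression surfaces as an index-out-of-range panic rather than a readable failure. Switch those two checks to `t.Fatalf` and add `if len(imgs[0].Secrets) != 2 { t.Fatalf("expected 2 secrets, got: %v", imgs[0].Secrets) }` before indexing. The test also sets the key only as a label, which leaves the annotation path and the label-over-annotation precedence of `getImagePullSecretFromMeta` uncovered; a second case with `Annotations:` would pin both.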
@@ -19,6 +19,8 @@ const KeelDefaultPort = 9300
 // KeelPolicyLabel - keel update policies (version checking)
 const KeelPolicyLabel = "keel.sh/policy"
+const KeelImagePullSecretAnnotation = "keel.sh/imagePullSecret"
+
 // KeelTriggerLabel - trigger label is used to specify custom trigger types
 // for example keel.sh/trigger=poll would signal poll trigger to start watching for repository
 // changes
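Review bot: `KeelImagePullSecretAnnotation` is added without a doc comment, unlike the neighbouring `KeelPolicyLabel` and `KeelTriggerLabel`, and its name says "annotation" although the provider change in this patch reads the key from labels as well. I would add `// KeelImagePullSecretAnnotation - label or annotation naming an additional image pull secret, used ahead of the pod's own imagePullSecrets`. It is also worth noting there that Kubernetes label values are limited to 63 characters while Secret names may be longer, so the annotation form is the safer one to recommend.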