mirror of
https://github.com/ysoftdevs/imagepullsecret-injector.git
synced 2026-01-12 06:50:43 +01:00
Compare commits
7 Commits
devel
...
imagepulls
| Author | SHA1 | Date | |
|---|---|---|---|
|
26a7b374e2 | ||
|
|
f098c48dcf | ||
|
|
6e67d5b87c | ||
|
|
eb5fe7944b | ||
|
|
c41499b934 | ||
|
|
bc86f0e9ab | ||
|
|
af35fd73f0 |
2
.github/workflows/release-chart.yaml
vendored
2
.github/workflows/release-chart.yaml
vendored
@@ -52,4 +52,4 @@ jobs:
|
||||
with:
|
||||
charts_dir: 'helm'
|
||||
env:
|
||||
CR_TOKEN: '${{ secrets.CR_TOKEN }}'
|
||||
CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
|
||||
@@ -60,9 +60,9 @@ func main() {
|
||||
|
||||
glog.Infof("Running with config: %+v", parameters)
|
||||
|
||||
whsvr := &WebhookServer{
|
||||
config: ¶meters,
|
||||
server: &http.Server{
|
||||
whsvr, err := NewWebhookServer(
|
||||
¶meters,
|
||||
&http.Server{
|
||||
Addr: fmt.Sprintf(":%v", parameters.port),
|
||||
// This is quite inefficient as it loads file contents on every TLS ClientHello, but ¯\_(ツ)_/¯
|
||||
TLSConfig: &tls.Config{GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
@@ -71,6 +71,9 @@ func main() {
|
||||
return &cert, err
|
||||
}},
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
glog.Exitf("Could not create the Webhook server: %v", err)
|
||||
}
|
||||
|
||||
// define http server and server handler
|
||||
|
||||
@@ -30,6 +30,7 @@ var (
|
||||
type WebhookServer struct {
|
||||
server *http.Server
|
||||
config *WhSvrParameters
|
||||
client *kubernetes.Clientset
|
||||
}
|
||||
|
||||
// Webhook Server parameters
|
||||
@@ -57,6 +58,26 @@ var (
|
||||
}
|
||||
)
|
||||
|
||||
func NewWebhookServer(parameters *WhSvrParameters, server *http.Server) (*WebhookServer, error) {
|
||||
config, err := rest.InClusterConfig()
|
||||
if err != nil {
|
||||
glog.Errorf("Could not create k8s client: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
clientset, err := kubernetes.NewForConfig(config)
|
||||
if err != nil {
|
||||
glog.Errorf("Could not create k8s clientset: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &WebhookServer{
|
||||
config: parameters,
|
||||
server: server,
|
||||
client: clientset,
|
||||
}, nil
|
||||
|
||||
}
|
||||
|
||||
func DefaultParametersObject() WhSvrParameters {
|
||||
return WhSvrParameters{
|
||||
port: 8443,
|
||||
@@ -126,46 +147,41 @@ func getCurrentNamespace() string {
|
||||
|
||||
func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
|
||||
glog.Infof("Ensuring existing secrets")
|
||||
namespace := ar.Request.Namespace
|
||||
targetNamespace := ar.Request.Namespace
|
||||
|
||||
config, err := rest.InClusterConfig()
|
||||
if err != nil {
|
||||
glog.Errorf("Could not create k8s client: %v", err)
|
||||
return err
|
||||
}
|
||||
clientset, err := kubernetes.NewForConfig(config)
|
||||
if err != nil {
|
||||
glog.Errorf("Could not create k8s clientset: %v", err)
|
||||
return err
|
||||
}
|
||||
currentNamespace := getCurrentNamespace()
|
||||
|
||||
glog.Infof("Looking for the source secret")
|
||||
sourceSecret, err := clientset.CoreV1().Secrets(whsvr.config.sourceImagePullSecretNamespace).Get(whsvr.config.sourceImagePullSecretName, metav1.GetOptions{})
|
||||
sourceSecret, err := whsvr.client.CoreV1().Secrets(whsvr.config.sourceImagePullSecretNamespace).Get(whsvr.config.sourceImagePullSecretName, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
glog.Errorf("Could not fetch source secret %s in namespace %s: %v", whsvr.config.sourceImagePullSecretName, currentNamespace, err)
|
||||
return err
|
||||
}
|
||||
if sourceSecret.Type != corev1.SecretTypeDockerConfigJson {
|
||||
err := fmt.Errorf("source secret %s in namespace %s exists, but has incorrect type (is %s, should be %s)", whsvr.config.sourceImagePullSecretName, currentNamespace, sourceSecret.Type, corev1.SecretTypeDockerConfigJson)
|
||||
glog.Errorf("%v", err)
|
||||
return err
|
||||
}
|
||||
glog.Infof("Source secret found")
|
||||
|
||||
glog.Infof("Looking for the existing target secret")
|
||||
secret, err := clientset.CoreV1().Secrets(namespace).Get(whsvr.config.targetImagePullSecretName, metav1.GetOptions{})
|
||||
secret, err := whsvr.client.CoreV1().Secrets(targetNamespace).Get(whsvr.config.targetImagePullSecretName, metav1.GetOptions{})
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
glog.Errorf("Could not fetch secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
|
||||
glog.Errorf("Could not fetch secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
|
||||
return err
|
||||
}
|
||||
|
||||
if err != nil && errors.IsNotFound(err) {
|
||||
glog.Infof("Target secret not found, creating a new one")
|
||||
if _, createErr := clientset.CoreV1().Secrets(namespace).Create(&corev1.Secret{
|
||||
if _, createErr := whsvr.client.CoreV1().Secrets(targetNamespace).Create(&corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: whsvr.config.targetImagePullSecretName,
|
||||
Namespace: namespace,
|
||||
Namespace: targetNamespace,
|
||||
},
|
||||
Data: sourceSecret.Data,
|
||||
Type: sourceSecret.Type,
|
||||
}); createErr != nil {
|
||||
glog.Errorf("Could not create secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
|
||||
glog.Errorf("Could not create secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
|
||||
return err
|
||||
}
|
||||
glog.Infof("Target secret created successfully")
|
||||
@@ -174,8 +190,8 @@ func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
|
||||
|
||||
glog.Infof("Target secret found, updating")
|
||||
secret.Data = sourceSecret.Data
|
||||
if _, err := clientset.CoreV1().Secrets(namespace).Update(secret); err != nil {
|
||||
glog.Errorf("Could not update secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
|
||||
if _, err := whsvr.client.CoreV1().Secrets(targetNamespace).Update(secret); err != nil {
|
||||
glog.Errorf("Could not update secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
|
||||
return err
|
||||
}
|
||||
glog.Infof("Target secret updated successfully")
|
||||
|
||||
@@ -15,9 +15,9 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.0.16
|
||||
version: 0.0.19
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
appVersion: 0.0.9
|
||||
appVersion: 0.0.10
|
||||
|
||||
@@ -12,6 +12,7 @@ spec:
|
||||
labels:
|
||||
{{- include "imagepullsecret-injector.labels" . | nindent 8 }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 30
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: imagepullsecret-injector-cert-gen
|
||||
|
||||
@@ -5,6 +5,7 @@ metadata:
|
||||
labels:
|
||||
{{- include "imagepullsecret-injector.labels" . | nindent 4 }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 30
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: imagepullsecret-injector-cert-gen
|
||||
|
||||
@@ -25,6 +25,7 @@ rules:
|
||||
- create
|
||||
- get
|
||||
- delete
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
|
||||
Reference in New Issue
Block a user