mirror of
https://github.com/ysoftdevs/imagepullsecret-injector.git
synced 2026-01-19 10:07:26 +01:00
Compare commits
3 Commits
imagepulls
...
imagepulls
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5491cc64f7 | ||
|
|
1f0f30920f | ||
|
|
012a498a8b |
43
Makefile
43
Makefile
@@ -67,6 +67,10 @@ test:
|
|||||||
# build section
|
# build section
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
|
vendor:
|
||||||
|
@echo "Vendoring..."
|
||||||
|
@go mod vendor
|
||||||
|
|
||||||
build:
|
build:
|
||||||
@echo "Building the $(IMAGE_NAME) binary..."
|
@echo "Building the $(IMAGE_NAME) binary..."
|
||||||
@CGO_ENABLED=0 go build -o build/_output/bin/$(IMAGE_NAME) ./cmd/
|
@CGO_ENABLED=0 go build -o build/_output/bin/$(IMAGE_NAME) ./cmd/
|
||||||
@@ -76,10 +80,39 @@ build-linux:
|
|||||||
@GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o build/_output/linux/bin/$(IMAGE_NAME) ./cmd/
|
@GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o build/_output/linux/bin/$(IMAGE_NAME) ./cmd/
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
# image section
|
# Containerd image section
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
image: docker-login build-image push-image
|
containerd-image: containerd-login containerd-image containerd-image
|
||||||
|
|
||||||
|
containerd-login:
|
||||||
|
@echo "$(DOCKER_TOKEN)" | nerdctl login -u "$(DOCKER_USER)" --password-stdin "$(REPOSITORY_BASE)"
|
||||||
|
|
||||||
|
containerd-logout:
|
||||||
|
@docker logout
|
||||||
|
|
||||||
|
containerd-build:
|
||||||
|
@echo "Building the docker image: $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)..."
|
||||||
|
@nerdctl build -t $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) -f build/Dockerfile .
|
||||||
|
@echo "Building the docker image: $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG)..."
|
||||||
|
@nerdctl build -t $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG) -f build/Dockerfile.cert-generator .
|
||||||
|
|
||||||
|
containerd-push: containerd-build-image
|
||||||
|
@echo "Pushing the docker image for $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) and $(IMAGE_REPO)/$(IMAGE_NAME):latest..."
|
||||||
|
@nerdctl tag $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) $(IMAGE_REPO)/$(IMAGE_NAME):latest
|
||||||
|
@nerdctl push $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)
|
||||||
|
@nerdctl push $(IMAGE_REPO)/$(IMAGE_NAME):latest
|
||||||
|
@echo "Pushing the docker image for $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG) and $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):latest..."
|
||||||
|
@nerdctl tag $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG) $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):latest
|
||||||
|
@nerdctl push $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG)
|
||||||
|
@nerdctl push $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):latest
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Docker image section
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
docker-image: docker-login docker-build docker-push
|
||||||
|
|
||||||
docker-login:
|
docker-login:
|
||||||
@echo "$(DOCKER_TOKEN)" | docker login -u "$(DOCKER_USER)" --password-stdin "$(REPOSITORY_BASE)"
|
@echo "$(DOCKER_TOKEN)" | docker login -u "$(DOCKER_USER)" --password-stdin "$(REPOSITORY_BASE)"
|
||||||
@@ -87,13 +120,13 @@ docker-login:
|
|||||||
docker-logout:
|
docker-logout:
|
||||||
@docker logout
|
@docker logout
|
||||||
|
|
||||||
build-image:
|
docker-build:
|
||||||
@echo "Building the docker image: $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)..."
|
@echo "Building the docker image: $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)..."
|
||||||
@docker build -t $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) -f build/Dockerfile .
|
@docker build -t $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) -f build/Dockerfile .
|
||||||
@echo "Building the docker image: $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG)..."
|
@echo "Building the docker image: $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG)..."
|
||||||
@docker build -t $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG) -f build/Dockerfile.cert-generator .
|
@docker build -t $(IMAGE_REPO)/$(GENERATOR_IMAGE_NAME):$(IMAGE_TAG) -f build/Dockerfile.cert-generator .
|
||||||
|
|
||||||
push-image: build-image
|
docker-push: docker-build
|
||||||
@echo "Pushing the docker image for $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) and $(IMAGE_REPO)/$(IMAGE_NAME):latest..."
|
@echo "Pushing the docker image for $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) and $(IMAGE_REPO)/$(IMAGE_NAME):latest..."
|
||||||
@docker tag $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) $(IMAGE_REPO)/$(IMAGE_NAME):latest
|
@docker tag $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) $(IMAGE_REPO)/$(IMAGE_NAME):latest
|
||||||
@docker push $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)
|
@docker push $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)
|
||||||
@@ -110,4 +143,4 @@ push-image: build-image
|
|||||||
clean:
|
clean:
|
||||||
@rm -rf build/_output
|
@rm -rf build/_output
|
||||||
|
|
||||||
.PHONY: all fmt lint check test build image clean
|
.PHONY: all fmt lint check test build docker-image containerd-image clean
|
||||||
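Review bot: The new `containerd-image` rule lists itself as a prerequisite twice (`containerd-image: containerd-login containerd-image containerd-image`), so make drops the circular dependency and the target only logs in; nothing is built or pushed. It presumably should mirror `docker-image` and read `containerd-image: containerd-login containerd-build containerd-push`. Likewise `containerd-push` depends on `containerd-build-image`, which is not defined anywhere in the visible Makefile, and should be `containerd-push: containerd-build`. `containerd-logout` still calls `docker logout`, which may not exist on a containerd-only host and, without a server argument, does not target `$(REPOSITORY_BASE)`, so the token stored by `nerdctl login` can remain on the build machine; use `@nerdctl logout "$(REPOSITORY_BASE)"`. The new `vendor` and `containerd-*` targets are also missing from `.PHONY`.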
|
|||||||
@@ -2,7 +2,7 @@ FROM golang:1.17.10 AS builder
|
|||||||
|
|
||||||
WORKDIR /go/src/github.com/ysoftdevs/imagepullsecret-injector
|
WORKDIR /go/src/github.com/ysoftdevs/imagepullsecret-injector
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN make build
|
RUN make vendor build
|
||||||
|
|
||||||
FROM alpine:3.15.4 as base
|
FROM alpine:3.15.4 as base
|
||||||
COPY --from=builder /go/src/github.com/ysoftdevs/imagepullsecret-injector/build/_output/bin/imagepullsecret-injector /usr/local/bin/imagepullsecret-injector
|
COPY --from=builder /go/src/github.com/ysoftdevs/imagepullsecret-injector/build/_output/bin/imagepullsecret-injector /usr/local/bin/imagepullsecret-injector
|
||||||
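Review bot: `RUN make vendor build` regenerates `vendor/` inside the builder stage on every image build, so the vendored tree is never a reviewed artifact and the build presumably needs module-proxy access; any `vendor/` directory brought in by `COPY . .` is replaced. If the aim is reproducible dependencies, say so in a comment such as `# vendor/ is regenerated here; module contents are pinned by go.sum from the build context`, and make sure `go.sum` is not excluded from the build context. The Dockerfile continues past this hunk, so later stages are not visible here.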
|
|||||||
@@ -15,9 +15,9 @@ type: application
|
|||||||
# This is the chart version. This version number should be incremented each time you make changes
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
# to the chart and its templates, including the app version.
|
# to the chart and its templates, including the app version.
|
||||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
version: 0.0.25
|
version: 0.0.26
|
||||||
|
|
||||||
# This is the version number of the application being deployed. This version number should be
|
# This is the version number of the application being deployed. This version number should be
|
||||||
# incremented each time you make changes to the application. Versions are not expected to
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
appVersion: 0.0.14
|
appVersion: 0.0.25
|
||||||
|
|||||||
@@ -236,11 +236,24 @@ func (whsvr *WebhookServer) mutateServiceAccount(ar *v1beta1.AdmissionReview) *v
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check whether we already have the imagePullSecretName present
|
// Make sure the secrets are present
|
||||||
|
if err := whsvr.ensureSecrets(ar); err != nil {
|
||||||
|
whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret")
|
||||||
|
if !whsvr.config.ignoreSecretCreationError {
|
||||||
|
whsvr.logger.Errorf("Failing the mutation process")
|
||||||
|
return &v1beta1.AdmissionResponse{
|
||||||
|
Result: &metav1.Status{
|
||||||
|
Message: err.Error(),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
whsvr.logger.Infof("ignoreSecretCreationError is true, ignoring")
|
||||||
|
}
|
||||||
|
|
||||||
if sa.ImagePullSecrets != nil {
|
if sa.ImagePullSecrets != nil {
|
||||||
whsvr.logger.Infof("ServiceAccount is already in the correct state, skipping")
|
|
||||||
for _, lor := range sa.ImagePullSecrets {
|
for _, lor := range sa.ImagePullSecrets {
|
||||||
if whsvr.config.targetImagePullSecretName == lor.Name {
|
if whsvr.config.targetImagePullSecretName == lor.Name {
|
||||||
|
whsvr.logger.Infof("ServiceAccount is already in the correct state, skipping the patch")
|
||||||
return &v1beta1.AdmissionResponse{
|
return &v1beta1.AdmissionResponse{
|
||||||
Allowed: true,
|
Allowed: true,
|
||||||
}
|
}
|
||||||
@@ -262,19 +275,6 @@ func (whsvr *WebhookServer) mutateServiceAccount(ar *v1beta1.AdmissionReview) *v
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := whsvr.ensureSecrets(ar); err != nil {
|
|
||||||
whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret")
|
|
||||||
if !whsvr.config.ignoreSecretCreationError {
|
|
||||||
whsvr.logger.Errorf("Failing the mutation process")
|
|
||||||
return &v1beta1.AdmissionResponse{
|
|
||||||
Result: &metav1.Status{
|
|
||||||
Message: err.Error(),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
whsvr.logger.Infof("ignoreSecretCreationError is true, ignoring")
|
|
||||||
}
|
|
||||||
|
|
||||||
return &v1beta1.AdmissionResponse{
|
return &v1beta1.AdmissionResponse{
|
||||||
Allowed: true,
|
Allowed: true,
|
||||||
Patch: patchBytes,
|
Patch: patchBytes,
|
||||||
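Review bot: The `ensureSecrets` error is never written to the log, because `whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret")` at the top of the moved block omits `err`, so when `ignoreSecretCreationError` is true the cause is lost entirely. Include it, e.g. `whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret: %v", err)`. On the deny path `err.Error()` is returned verbatim in `Result.Message`; if that error can carry API-server or secret details, a generic message to the client with the detail kept in the log would be safer. Because the call now runs before the `sa.ImagePullSecrets` check, a secret-creation failure also rejects ServiceAccounts that already reference the target secret unless `ignoreSecretCreationError` is set, which deserves a comment at the call site. `mutateServiceAccount` starts and ends outside the hunks shown.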
|
|||||||