package creds
import (
"strings"
batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes"
)
const (
	// GcrSaSecretName is the name of the Kubernetes Secret that ShouldAdd looks
	// up and that Add mounts into the job's containers.
	GcrSaSecretName = "gcr-sa"
	// gcrSaSecretFileName is both the key read from the Secret and the file name
	// it is projected to inside the volume.
	// NOTE(review): presumably a Google service-account key in JSON form; confirm
	// against whatever provisions the Secret.
	gcrSaSecretFileName = "sa.json"
	// gcrVolumeName is the pod-level volume name referenced by every VolumeMount
	// that Add creates.
	gcrVolumeName = "gcr-sa"
	// gcrVolumeMountPath is the directory at which the Secret volume is mounted
	// in each container.
	gcrVolumeMountPath = "/etc/gcr"
	// googleAppCredsEnvVar is the environment variable Add sets to the path of
	// the mounted credentials file.
	googleAppCredsEnvVar = "GOOGLE_APPLICATION_CREDENTIALS"
)
// GCR is the credential adder that wires the GcrSaSecretName Secret into a
// Job. The clientset, the secret namespace and the cached lookup result all
// come from the embedded credsCommon.
type GCR struct {
	credsCommon
}

// Compile-time check that *GCR satisfies the CredentialAdder interface.
var _ CredentialAdder = &GCR{}
// CreateGCR returns a GCR that uses clientset for Secret lookups and treats
// secretNamespace as the namespace holding the GcrSaSecretName Secret.
func CreateGCR(clientset kubernetes.Interface, secretNamespace string) *GCR {
	adder := new(GCR)
	// Both fields are promoted from the embedded credsCommon.
	adder.clientset = clientset
	adder.secretNamespace = secretNamespace
	return adder
}
// ShouldAdd reports whether the GcrSaSecretName Secret exists in the
// configured secret namespace.
//
// The answer is looked up once and cached on the receiver; this method never
// refreshes it, so a Secret created or deleted afterwards is not noticed by
// the same GCR value. The cache is written without any locking here.
// How lookup errors (for example a denied request) map to true/false is
// decided by isSecretExists, which is defined elsewhere.
func (g *GCR) ShouldAdd() bool {
	if cached := g.isSecretExists; cached != nil {
		return *cached
	}
	exists := isSecretExists(g.clientset, GcrSaSecretName, g.secretNamespace)
	g.isSecretExists = &exists
	return exists
}
// Add wires the GCR credentials Secret into job so that Klar, which uses the
// Google SDK to obtain the user name and password for pulling the image, can
// find them. It does three things:
//  1. Adds a Secret volume exposing only the `gcrSaSecretFileName` key.
//  2. Mounts that volume read-only at `gcrVolumeMountPath` in each container.
//  3. Sets `GOOGLE_APPLICATION_CREDENTIALS` in each container to the mounted
//     file (`gcrVolumeMountPath`/`gcrSaSecretFileName`).
//
// Add also overwrites job.Namespace with the secret namespace. The volume,
// mounts and env var are appended unconditionally, so calling Add twice on the
// same job produces duplicate entries.
//
// NOTE(review): the credentials file is exposed to every entry in
// Spec.Template.Spec.Containers, not only the one that pulls images; init
// containers are not touched. No DefaultMode is set on the Secret volume, so
// the file gets the Kubernetes default permissions.
func (g *GCR) Add(job *batchv1.Job) {
	// Run the job in the namespace that holds the Secret.
	job.Namespace = g.secretNamespace

	podSpec := &job.Spec.Template.Spec

	// Project a single key of the Secret rather than its whole contents.
	credsVolume := corev1.Volume{
		Name: gcrVolumeName,
		VolumeSource: corev1.VolumeSource{
			Secret: &corev1.SecretVolumeSource{
				SecretName: GcrSaSecretName,
				Items: []corev1.KeyToPath{
					{
						Key:  gcrSaSecretFileName,
						Path: gcrSaSecretFileName,
					},
				},
			},
		},
	}
	podSpec.Volumes = append(podSpec.Volumes, credsVolume)

	credsMount := corev1.VolumeMount{
		Name:      gcrVolumeName,
		ReadOnly:  true,
		MountPath: gcrVolumeMountPath,
	}
	credsEnv := corev1.EnvVar{
		Name:  googleAppCredsEnvVar,
		Value: strings.Join([]string{gcrVolumeMountPath, gcrSaSecretFileName}, "/"),
	}

	// Index into the slice so the appends land on the job's own containers
	// rather than on loop-local copies.
	for idx := range podSpec.Containers {
		c := &podSpec.Containers[idx]
		c.VolumeMounts = append(c.VolumeMounts, credsMount)
		c.Env = append(c.Env, credsEnv)
	}
}