Merge branch 'image-pull-secrets' into 'develop'

Add ImagePullSecrets

Closes #93

See merge request ch/kube-api!190

Gopkg.toml

@@ -71,7 +71,7 @@ required = ["github.com/containerum/kube-client"]
 
 [[constraint]]
   name = "github.com/containerum/kube-client"
-  version = "^0.23.2"
+  version = "^0.23.20"
 
 [[constraint]]
   name = "k8s.io/kubernetes"

pkg/kubernetes/secret.go

@@ -6,9 +6,21 @@ import (
 	api_meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-//GetSecretList returns secrets list
-func (k *Kube) GetSecretList(nsName string) (*api_core.SecretList, error) {
-	secrets, err := k.CoreV1().Secrets(nsName).List(api_meta.ListOptions{})
+//GetTLSSecretList returns TLS secrets list
+func (k *Kube) GetTLSSecretList(nsName string) (*api_core.SecretList, error) {
+	secrets, err := k.CoreV1().Secrets(nsName).List(api_meta.ListOptions{FieldSelector: "type=Opaque"})
+	if err != nil {
+		log.WithFields(log.Fields{
+			"Namespace": nsName,
+		}).Error(err)
+		return nil, err
+	}
+	return secrets, nil
+}
+
+//GetDockerSecretList returns Docker secrets list
+func (k *Kube) GetDockerSecretList(nsName string) (*api_core.SecretList, error) {
+	secrets, err := k.CoreV1().Secrets(nsName).List(api_meta.ListOptions{FieldSelector: "type=kubernetes.io/dockerconfigjson"})
 	if err != nil {
 		log.WithFields(log.Fields{
 			"Namespace": nsName,

pkg/model/deployment.go

@@ -84,14 +84,15 @@ func ParseKubeDeployment(deployment interface{}, parseforuser bool) (*kube_types
 			UpdatedReplicas:     int(deploy.Status.UpdatedReplicas),
 			UnavailableReplicas: int(deploy.Status.UnavailableReplicas),
 		},
-		CreatedAt:   deploy.ObjectMeta.CreationTimestamp.UTC().Format(time.RFC3339),
-		SolutionID:  deploy.GetObjectMeta().GetLabels()[solutionLabel],
-		Containers:  containers,
-		TotalCPU:    uint(totalcpu.ScaledValue(api_resource.Milli)),
-		TotalMemory: uint(totalmem.Value() / 1024 / 1024),
-		Owner:       deploy.GetObjectMeta().GetLabels()[ownerLabel],
-		Version:     version,
-		Active:      true,
+		CreatedAt:        deploy.ObjectMeta.CreationTimestamp.UTC().Format(time.RFC3339),
+		SolutionID:       deploy.GetObjectMeta().GetLabels()[solutionLabel],
+		Containers:       containers,
+		ImagePullSecrets: getImagePullSecrets(deploy.Spec.Template.Spec.ImagePullSecrets),
+		TotalCPU:         uint(totalcpu.ScaledValue(api_resource.Milli)),
+		TotalMemory:      uint(totalmem.Value() / 1024 / 1024),
+		Owner:            deploy.GetObjectMeta().GetLabels()[ownerLabel],
+		Version:          version,
+		Active:           true,
 	}
 
 	if parseforuser {
@@ -121,6 +122,14 @@ func getVolumeStorageName(volumes []api_core.Volume) map[string]string {
 	return volumemap
 }
 
+func getImagePullSecrets(secrets []api_core.LocalObjectReference) []string {
+	secretsList := []string{}
+	for _, v := range secrets {
+		secretsList = append(secretsList, v.Name)
+	}
+	return secretsList
+}
+
 //ToKube creates kubernetes v1.Deployment from Deployment struct and namespace labels
 func (deploy *DeploymentKubeAPI) ToKube(nsName string, labels map[string]string) (*api_apps.Deployment, []error) {
 	err := deploy.Validate()
@@ -159,6 +168,11 @@ func (deploy *DeploymentKubeAPI) ToKube(nsName string, labels map[string]string)
 		return nil, []error{verr}
 	}
 
+	var imagePullSecrets []api_core.LocalObjectReference
+	for _, im := range deploy.ImagePullSecrets {
+		imagePullSecrets = append(imagePullSecrets, api_core.LocalObjectReference{im})
+	}
+
 	newDeploy := api_apps.Deployment{
 		TypeMeta: api_meta.TypeMeta{
 			Kind:       deploymentKind,
@@ -183,7 +197,8 @@ func (deploy *DeploymentKubeAPI) ToKube(nsName string, labels map[string]string)
 					NodeSelector: map[string]string{
 						"role": "slave",
 					},
-					Volumes: volumes,
+					ImagePullSecrets: imagePullSecrets,
+					Volumes:          volumes,
 				},
 				ObjectMeta: api_meta.ObjectMeta{
 					Labels: labels,
@@ -198,7 +213,7 @@ func (deploy *DeploymentKubeAPI) ToKube(nsName string, labels map[string]string)
 func makeContainers(containers []kube_types.Container) ([]api_core.Container, []error) {
 	containersAfter := make([]api_core.Container, len(containers))
 
-	for _, c := range containers {
+	for i, c := range containers {
 		errs := validateContainer(c, c.Limits.CPU, c.Limits.Memory)
 		if errs != nil {
 			return nil, errs
@@ -226,7 +241,7 @@ func makeContainers(containers []kube_types.Container) ([]api_core.Container, []
 
 		container.Resources = *rq
 
-		containersAfter = append(containersAfter, container)
+		containersAfter[i] = container
 	}
 	return containersAfter, nil
 }

pkg/model/pod.go

@@ -39,9 +39,10 @@ func ParseKubePod(pod interface{}, parseforuser bool) kube_types.Pod {
 		Status: &model.PodStatus{
 			Phase: string(obj.Status.Phase),
 		},
-		TotalCPU:    uint(cpu.ScaledValue(api_resource.Milli)),
-		TotalMemory: uint(mem.Value() / 1024 / 1024),
-		Owner:       owner,
+		ImagePullSecrets: getImagePullSecrets(obj.Spec.ImagePullSecrets),
+		TotalCPU:         uint(cpu.ScaledValue(api_resource.Milli)),
+		TotalMemory:      uint(mem.Value() / 1024 / 1024),
+		Owner:            owner,
 	}
 
 	if parseforuser {

pkg/model/secret.go

@@ -13,50 +13,33 @@ import (
 	api_validation "k8s.io/apimachinery/pkg/util/validation"
 )
 
-// SecretWithParamList -- model for secrets list
-//
-// swagger:model
-type SecretWithParamList struct {
-	Secrets []SecretWithParam `json:"secrets"`
-}
-
-// SecretWithParam -- model for secret with owner
-//
-// swagger:model
-type SecretWithParam struct {
-	// swagger: allOf
-	*kube_types.Secret
-	//hide secret from users
-	Hidden bool `json:"hidden,omitempty"`
-}
+type SecretKubeAPI kube_types.Secret
 
 const (
 	secretKind       = "Secret"
 	secretAPIVersion = "v1"
 )
 
 // ParseKubeSecretList parses kubernetes v1.SecretList to more convenient []Secret struct.
-func ParseKubeSecretList(secreti interface{}, parseforuser bool) (*SecretWithParamList, error) {
+func ParseKubeSecretList(secreti interface{}, parseforuser bool) (*kube_types.SecretsList, error) {
 	nativeSecrets := secreti.(*api_core.SecretList)
 	if nativeSecrets == nil {
 		return nil, ErrUnableConvertSecretList
 	}
 
-	secrets := make([]SecretWithParam, 0)
+	secrets := make([]kube_types.Secret, 0)
 	for _, secret := range nativeSecrets.Items {
 		newSecret, err := ParseKubeSecret(&secret, parseforuser)
 		if err != nil {
 			return nil, err
 		}
-		if !newSecret.Hidden || !parseforuser {
-			secrets = append(secrets, *newSecret)
-		}
+		secrets = append(secrets, *newSecret)
 	}
-	return &SecretWithParamList{Secrets: secrets}, nil
+	return &kube_types.SecretsList{secrets}, nil
 }
 
 // ParseKubeSecret parses kubernetes v1.Secret to more convenient Secret struct.
-func ParseKubeSecret(secreti interface{}, parseforuser bool) (*SecretWithParam, error) {
+func ParseKubeSecret(secreti interface{}, parseforuser bool) (*kube_types.Secret, error) {
 	secret := secreti.(*api_core.Secret)
 	if secret == nil {
 		return nil, ErrUnableConvertSecret
@@ -67,23 +50,23 @@ func ParseKubeSecret(secreti interface{}, parseforuser bool) (*SecretWithParam,
 		newData[k] = string(v)
 	}
 
-	newSecret := SecretWithParam{
-		Secret: &kube_types.Secret{
-			Name:      secret.GetName(),
-			CreatedAt: secret.CreationTimestamp.UTC().Format(time.RFC3339),
-			Data:      newData,
-			Owner:     secret.GetObjectMeta().GetLabels()[ownerLabel],
-		},
+	newSecret := kube_types.Secret{
+		Name:      secret.GetName(),
+		CreatedAt: secret.CreationTimestamp.UTC().Format(time.RFC3339),
+		Data:      newData,
+		Owner:     secret.GetObjectMeta().GetLabels()[ownerLabel],
 	}
 
-	newSecret.ParseForUser()
+	if parseforuser {
+		newSecret.Mask()
+	}
 
 	return &newSecret, nil
 
 }
 
 // ToKube creates kubernetes v1.Secret from Secret struct and namespace labels
-func (secret *SecretWithParam) ToKube(nsName string, labels map[string]string) (*api_core.Secret, []error) {
+func (secret *SecretKubeAPI) ToKube(nsName string, labels map[string]string, secretType api_core.SecretType) (*api_core.Secret, []error) {
 	err := secret.Validate()
 	if err != nil {
 		return nil, err
@@ -93,6 +76,10 @@ func (secret *SecretWithParam) ToKube(nsName string, labels map[string]string) (
 		return nil, []error{kubeErrors.ErrInternalError().AddDetails("invalid project labels")}
 	}
 
+	if secretType == api_core.SecretTypeDockerConfigJson && secret.Data[".dockerconfigjson"] == "" {
+		return nil, []error{kubeErrors.ErrRequestValidationFailed().AddDetails("field '.dockerconfigjson' is required")}
+	}
+
 	newSecret := api_core.Secret{
 		TypeMeta: api_meta.TypeMeta{
 			Kind:       secretKind,
@@ -104,21 +91,21 @@ func (secret *SecretWithParam) ToKube(nsName string, labels map[string]string) (
 			Namespace: nsName,
 		},
 		Data: makeSecretData(secret.Data),
-		Type: "Opaque",
+		Type: secretType,
 	}
 
 	return &newSecret, nil
 }
 
 func makeSecretData(data map[string]string) map[string][]byte {
-	newData := make(map[string][]byte)
+	newData := make(map[string][]byte, 0)
 	for k, v := range data {
 		newData[k] = []byte(v)
 	}
 	return newData
 }
 
-func (secret *SecretWithParam) Validate() []error {
+func (secret *SecretKubeAPI) Validate() []error {
 	var errs []error
 	if secret.Name == "" {
 		errs = append(errs, fmt.Errorf(fieldShouldExist, "name"))
@@ -139,12 +126,3 @@ func (secret *SecretWithParam) Validate() []error {
 	}
 	return nil
 }
-
-// ParseForUser removes information not interesting for users
-func (secret *SecretWithParam) ParseForUser() {
-	if secret.Owner == "" {
-		secret.Hidden = true
-		return
-	}
-	secret.Mask()
-}

pkg/model/service.go

@@ -168,16 +168,16 @@ func (service *ServiceWithParam) ToKube(nsName string, labels map[string]string)
 
 func makeServicePorts(ports []kube_types.ServicePort) []api_core.ServicePort {
 	serviceports := make([]api_core.ServicePort, len(ports))
-	for _, port := range ports {
+	for i, port := range ports {
 		if port.Port == nil {
 			port.Port = &port.TargetPort
 		}
-		serviceports = append(serviceports, api_core.ServicePort{
+		serviceports[i] = api_core.ServicePort{
 			Name:       port.Name,
 			Protocol:   api_core.Protocol(port.Protocol),
 			Port:       int32(*port.Port),
 			TargetPort: intstr.FromInt(port.TargetPort),
-		})
+		}
 	}
 	return serviceports
 }