From 9681e70ae18eef508a4fcd9a4d8ca55a033475fb Mon Sep 17 00:00:00 2001 From: fabiankramm Date: Tue, 23 Oct 2018 11:26:31 +0200 Subject: [PATCH 1/2] Add kaniko option to specify custom pullSecret name (#307) --- docs/docs/configuration/config.yaml.md | 1 + examples/kaniko/.devspace/config.yaml | 1 - examples/kaniko/README.md | 36 +++++++++++++++++++++++--- pkg/devspace/builder/kaniko/kaniko.go | 12 ++++++++- pkg/devspace/config/v1/image.go | 5 ++-- pkg/devspace/image/build.go | 7 ++++- 6 files changed, 54 insertions(+), 8 deletions(-) diff --git a/docs/docs/configuration/config.yaml.md b/docs/docs/configuration/config.yaml.md index d55382f02c..7a19ef5153 100644 --- a/docs/docs/configuration/config.yaml.md +++ b/docs/docs/configuration/config.yaml.md @@ -109,6 +109,7 @@ DockerConfig: KanikoConfig: - `cache` *bool* if true the last image build is used as cache repository - `namespace` *string* specifies the namespace where the build pod should be started +- `pullSecret` *string* mount this pullSecret instead of creating one to authenticate to the registry ### images[].build.options BuildOptions: diff --git a/examples/kaniko/.devspace/config.yaml b/examples/kaniko/.devspace/config.yaml index ef76607308..b7d85e4857 100755 --- a/examples/kaniko/.devspace/config.yaml +++ b/examples/kaniko/.devspace/config.yaml @@ -26,5 +26,4 @@ images: build: kaniko: cache: true - namespace: "" name: yourdockername/kaniko diff --git a/examples/kaniko/README.md b/examples/kaniko/README.md index 5a7f36cf04..488dd1a338 100644 --- a/examples/kaniko/README.md +++ b/examples/kaniko/README.md 
@@ -4,13 +4,13 @@ This example shows how kaniko can be used instead of docker to build and push an # Step 0: Prerequisites -In order for this example to work you need access to a docker registry, where you can push images to (e.g. hub.docker.com, gcr.io etc.). There are two options how you can push images to registries with devspace. +In order for this example to work you need access to a docker registry, where you can push images to (e.g. hub.docker.com, gcr.io etc.). There are three options how you can push images to registries with devspace. ## Option 1: Use docker credentials store If you have docker installed, devspace can take the required auth information directly out of the docker credentials store and will create the needed secret for you in the target cluster automatically. Make sure you are logged in the registry with `docker login`. ## Option 2: Provide auth information yourself -As a second option you can provide your credentials directly in the config.yaml. See example below: +As a second option you can provide your credentials directly in the config.yaml and devspace cli will create a pull secret for you automatically. See example below: ```yaml images: @@ -18,7 +18,6 @@ images: build: kaniko: cache: true - namespace: "" # Don't prefix image name with registry url name: name/devspace registry: myRegistry 
@@ -33,6 +32,37 @@ registries: devspace will then automatically create a secret for you which kaniko can use to push to that registry. +## Option 3: Provide kaniko pull secret yourself +As a third option you can provide the pullSecret to use for kaniko yourself. Make sure the pull secret has the following form: + +```yaml +apiVersion: v1 +kind: Secret +data: + # .dockerconfigjson encoded in base64 e.g.: + # { + # "auths": { + # "myRegistryUrl": { + # "auth": "base64Encoded(user:password/token)", + # "email": "myemail@test.de" + # } + # } + # } + .dockerconfigjson: BASE64EncodedDockerConfigJson +``` + +Now specify the pullsecret name as the pull secret to use for kaniko in the .devspace/config: + +```yaml +images: + default: + build: + kaniko: + cache: true + name: registryName/name/devspace + pullSecret: myPullSecretName +``` + ## Optional: Use self hosted cluster (minikube, GKE etc.) instead of devspace-cloud If you want to use your own cluster instead of the devspace-cloud as deployment target, make sure `kubectl` is configured correctly to access the target cluster. Then just erase the `cluster` section in the `.devspace/config.yaml` and devspace will use your current kubectl context as deployment target. diff --git a/pkg/devspace/builder/kaniko/kaniko.go b/pkg/devspace/builder/kaniko/kaniko.go index 533ef592c9..c57db960de 100644 --- a/pkg/devspace/builder/kaniko/kaniko.go +++ b/pkg/devspace/builder/kaniko/kaniko.go @@ -23,6 +23,7 @@ import ( // Builder holds the necessary information to build and push docker images type Builder struct { RegistryURL string + PullSecretName string ImageName string ImageTag string PreviousImageTag string 
@@ -33,9 +34,10 @@ type Builder struct { } // NewBuilder creates a new kaniko.Builder instance -func NewBuilder(registryURL, imageName, imageTag, lastImageTag, buildNamespace string, kubectl *kubernetes.Clientset, allowInsecureRegistry bool) (*Builder, error) { +func NewBuilder(registryURL, pullSecretName, imageName, imageTag, lastImageTag, buildNamespace string, kubectl *kubernetes.Clientset, allowInsecureRegistry bool) (*Builder, error) { return &Builder{ RegistryURL: registryURL, + PullSecretName: pullSecretName, ImageName: imageName, ImageTag: imageTag, PreviousImageTag: lastImageTag, @@ -47,6 +49,10 @@ func NewBuilder(registryURL, imageName, imageTag, lastImageTag, buildNamespace s // Authenticate authenticates kaniko for pushing to the RegistryURL (if username == "", it will try to get login data from local docker daemon) func (b *Builder) Authenticate(username, password string, checkCredentialsStore bool) (*types.AuthConfig, error) { + if b.PullSecretName != "" { + return nil, nil + } + email := "noreply@devspace-cloud.com" if len(username) == 0 { @@ -74,6 +80,10 @@ func (b *Builder) Authenticate(username, password string, checkCredentialsStore // BuildImage builds a dockerimage within a kaniko pod func (b *Builder) BuildImage(contextPath, dockerfilePath string, options *types.ImageBuildOptions) error { pullSecretName := registry.GetRegistryAuthSecretName(b.RegistryURL) + if b.PullSecretName != "" { + pullSecretName = b.PullSecretName + } + randString, _ := randutil.GenerateRandomString(12) buildID := strings.ToLower(randString) buildPod := &k8sv1.Pod{ diff --git a/pkg/devspace/config/v1/image.go b/pkg/devspace/config/v1/image.go index 9f32b37a65..14f4d63118 100644 --- a/pkg/devspace/config/v1/image.go +++ b/pkg/devspace/config/v1/image.go 
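Review bot: `NewBuilder` now takes six adjacent `string` parameters with `pullSecretName` inserted in second position, so a call that transposes two of them (the secret name and the image name, say) still compiles and would make the build pod reference the wrong secret. Consider grouping the kaniko settings in a struct, or at least appending new parameters at the end of the list. The doc comment should also state the contract for the new argument, e.g. `// pullSecretName, if non-empty, names an existing secret that is used instead of the one devspace generates`.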
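Review bot: The new early return in `Authenticate` yields `nil, nil`, so any caller that dereferences the returned `*types.AuthConfig` after checking only `err` will panic once `pullSecret` is configured. The callers are outside this hunk and need checking. The early return also discards `username` and `password` without any message, so credentials configured for the registry are silently ignored in favour of the named secret. I would document this on the method, e.g. `// If PullSecretName is set, no secret is created and (nil, nil) is returned; callers must handle a nil AuthConfig`, and log which credential source was chosen. The rest of the function body lies outside the hunk.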
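Review bot: The override of `pullSecretName` in `BuildImage` puts a name taken straight from the config into the build pod spec without checking that such a secret exists in the build namespace or carries a `.dockerconfigjson` key. A typo would presumably surface only as a pod that cannot start or a push that fails to authenticate. Looking up the secret before the pod is created, and returning an error that names the secret and the namespace, would fail fast; the clientset and namespace fields needed for that are not visible in this hunk. Because the secret is handed to the pod that executes the Dockerfile, the README should recommend a token scoped to pushing this repository rather than a general account credential. `BuildImage` continues past the end of the hunk.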
@@ -19,8 +19,9 @@ type BuildConfig struct { // KanikoConfig tells the DevSpace CLI to build with Docker on Minikube or on localhost type KanikoConfig struct { - Cache *bool `yaml:"cache"` - Namespace *string `yaml:"namespace,omitempty"` + Cache *bool `yaml:"cache"` + Namespace *string `yaml:"namespace,omitempty"` + PullSecret *string `yaml:"pullSecret,omitempty"` } // DockerConfig tells the DevSpace CLI to build with Docker on Minikube or on localhost diff --git a/pkg/devspace/image/build.go b/pkg/devspace/image/build.go index db96c963aa..1ba3c03aec 100644 --- a/pkg/devspace/image/build.go +++ b/pkg/devspace/image/build.go @@ -107,7 +107,12 @@ func Build(client *kubernetes.Clientset, generatedConfig *generated.Config, imag allowInsecurePush = *registryConf.Insecure } - imageBuilder, err = kaniko.NewBuilder(registryURL, imageName, imageTag, (*generatedConfig).ImageTags[imageName], buildNamespace, client, allowInsecurePush) + pullSecret := "" + if imageConf.Build.Kaniko.PullSecret != nil { + pullSecret = *imageConf.Build.Kaniko.PullSecret + } + + imageBuilder, err = kaniko.NewBuilder(registryURL, pullSecret, imageName, imageTag, (*generatedConfig).ImageTags[imageName], buildNamespace, client, allowInsecurePush) if err != nil { log.Fatalf("Error creating kaniko builder: %v", err) } From bd1325c98695cb363faf8f894d86ac3ba165174e Mon Sep 17 00:00:00 2001 From: fabiankramm Date: Tue, 23 Oct 2018 11:27:39 +0200 Subject: [PATCH 2/2] Use spaces instead of tabs in readme --- examples/kaniko/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/examples/kaniko/README.md b/examples/kaniko/README.md index 488dd1a338..3c6891ff2b 100644 --- a/examples/kaniko/README.md +++ b/examples/kaniko/README.md 
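Review bot: The new `PullSecret` field in `KanikoConfig` has no comment saying what the value must refer to. The struct's own comment still says it builds "with Docker on Minikube or on localhost", which reads like a copy of the `DockerConfig` comment below it. I would add `// PullSecret is the name of an existing secret in the build namespace that kaniko uses for registry auth; if unset, devspace creates one` and reword the struct comment to describe kaniko builds.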
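Review bot: The value read from `imageConf.Build.Kaniko.PullSecret` is passed on unchanged, so a whitespace-only value or a name with stray surrounding spaces counts as set. That switches off devspace's own secret creation even though no usable secret is named. Trimming before the call keeps the fallback working, e.g. `pullSecret = strings.TrimSpace(*imageConf.Build.Kaniko.PullSecret)`; whether `strings` is already imported in build.go is not visible here. It would also help to log when a pull secret overrides registry credentials configured for the same image, since `Authenticate` then ignores them. `Build` starts and ends outside this hunk.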
@@ -41,13 +41,13 @@ kind: Secret data: # .dockerconfigjson encoded in base64 e.g.: # { - # "auths": { - # "myRegistryUrl": { - # "auth": "base64Encoded(user:password/token)", - # "email": "myemail@test.de" - # } - # } - # } + # "auths": { + # "myRegistryUrl": { + # "auth": "base64Encoded(user:password/token)", + # "email": "myemail@test.de" + # } + # } + # } .dockerconfigjson: BASE64EncodedDockerConfigJson ```