Merge pull request #33 from simonferquel/pull-secrets

Add support for pull secrets

api/compose/v1alpha3/stack.go

@@ -97,6 +97,7 @@ type ServiceConfig struct {
 	User            *int64                   `json:"user,omitempty"`
 	Volumes         []ServiceVolumeConfig    `json:"volumes,omitempty"`
 	WorkingDir      string                   `json:"working_dir,omitempty"`
+	PullSecret      string                   `json:"pull_secret,omitempty"`
 }
 
 // ServicePortConfig is the port configuration for a service

e2e/compose_test.go

@@ -26,8 +26,11 @@ import (
 )
 
 const (
-	portMin = 32768
-	portMax = 35535
+	portMin                  = 32768
+	portMax                  = 35535
+	privateImagePullUsername = "composeonk8simagepull"
+	privateImagePullPassword = "XHWl8mJ6IH5o"
+	privateImagePullImage    = "composeonkubernetes/nginx:1.12.1-alpine"
 )
 
 var usedPorts = map[int]struct{}{}
@@ -1039,6 +1042,28 @@ configs:
 		})
 	})
 
+	It("Should deploy stacks with private images", func() {
+		err := ns.CreatePullSecret("test-pull-secret", "https://index.docker.io/v1/", privateImagePullUsername, privateImagePullPassword)
+		expectNoError(err)
+		s := &latest.Stack{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "with-private-images",
+			},
+			Spec: &latest.StackSpec{
+				Services: []latest.ServiceConfig{
+					{
+						Name:       "test-service",
+						Image:      privateImagePullImage,
+						PullSecret: "test-pull-secret",
+					},
+				},
+			},
+		}
+		s, err = ns.StacksV1alpha3().Create(s)
+		expectNoError(err)
+		waitUntil(ns.IsStackAvailable(s.Name))
+	})
+
 })
 
 func drainUntil(stream chan string, match string) bool {

internal/convert/pod.go

@@ -66,6 +66,7 @@ func toPodTemplate(serviceConfig latest.ServiceConfig, labels map[string]string,
 	if len(tpl.Spec.Containers) == 0 {
 		tpl.Spec.Containers = []apiv1.Container{{}}
 	}
+
 	containerIX := 0
 	for ix, c := range tpl.Spec.Containers {
 		if c.Name == serviceConfig.Name {
@@ -90,6 +91,16 @@ func toPodTemplate(serviceConfig latest.ServiceConfig, labels map[string]string,
 		Limits:   limits,
 		Requests: requests,
 	}
+
+	if serviceConfig.PullSecret != "" {
+		pullSecrets := map[string]struct{}{}
+		for _, ps := range tpl.Spec.ImagePullSecrets {
+			pullSecrets[ps.Name] = struct{}{}
+		}
+		if _, ok := pullSecrets[serviceConfig.PullSecret]; !ok {
+			tpl.Spec.ImagePullSecrets = append(tpl.Spec.ImagePullSecrets, apiv1.LocalObjectReference{Name: serviceConfig.PullSecret})
+		}
+	}
 	return tpl, nil
 }
 

internal/convert/pod_test.go

@@ -864,3 +864,18 @@ func TestToPodWithTwoExternalConfigsSameMountPoint(t *testing.T) {
 	assert.Equal(t, expectedVolumes, podTemplate.Spec.Volumes)
 	assert.Equal(t, expectedMounts, podTemplate.Spec.Containers[0].VolumeMounts)
 }
+
+func TestToPodWithPullSecret(t *testing.T) {
+	podTemplateWithSecret := podTemplate(t, Stack("demo",
+		WithService("nginx",
+			Image("nginx"),
+			PullSecret("test-pull-secret"),
+		)))
+	assert.Equal(t, 1, len(podTemplateWithSecret.Spec.ImagePullSecrets))
+	assert.Equal(t, "test-pull-secret", podTemplateWithSecret.Spec.ImagePullSecrets[0].Name)
+	podTemplateNoSecret := podTemplate(t, Stack("demo",
+		WithService("nginx",
+			Image("nginx"),
+		)))
+	assert.Nil(t, podTemplateNoSecret.Spec.ImagePullSecrets)
+}

internal/e2e/cluster/types.go

@@ -1,6 +1,7 @@
 package cluster
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"strings"
@@ -165,6 +166,55 @@ func (ns *Namespace) StacksV1beta1() composev1beta1.StackInterface {
 	return ns.stacks1
 }
 
+// StacksV1alpha3 returns a v1alpha3 client
+func (ns *Namespace) StacksV1alpha3() composev1alpha3.StackInterface {
+	return ns.stacksv1alpha3
+}
+
+// CreatePullSecret creates a pull secret
+func (ns *Namespace) CreatePullSecret(name, server, username, password string) error {
+	data, err := generatePullSecretData(server, username, password)
+	if err != nil {
+		return err
+	}
+	s := &apiv1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: ns.name,
+			Name:      name,
+		},
+		Type: apiv1.SecretTypeDockerConfigJson,
+		Data: map[string][]byte{
+			apiv1.DockerConfigJsonKey: data,
+		},
+	}
+	_, err = ns.Secrets().Create(s)
+	return err
+}
+
+func generatePullSecretData(server, username, password string) ([]byte, error) {
+	e := dockerConfigEntry{
+		Username: username,
+		Password: password,
+		Auth:     base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password))),
+	}
+	cfg := dockerConfigJSON{
+		Auths: map[string]dockerConfigEntry{
+			server: e,
+		},
+	}
+	return json.Marshal(&cfg)
+}
+
+type dockerConfigJSON struct {
+	Auths map[string]dockerConfigEntry `json:"auths"`
+}
+type dockerConfigEntry struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Email    string `json:"email,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+}
+
 // CreateStack creates a stack.
 func (ns *Namespace) CreateStack(strategy StackOperationStrategy, name, composeFile string) (*v1alpha3.Stack, error) {
 	switch strategy {

internal/test/builders/stack.go

@@ -113,6 +113,13 @@ func Image(reference string) func(*latest.ServiceConfig) {
 	}
 }
 
+// PullSecret specifies the name of the pull secret used for this service
+func PullSecret(name string) func(*latest.ServiceConfig) {
+	return func(c *latest.ServiceConfig) {
+		c.PullSecret = name
+	}
+}
+
 // StopGracePeriod specifies the stop-grace-period duration of a service
 func StopGracePeriod(duration time.Duration) func(*latest.ServiceConfig) {
 	return func(c *latest.ServiceConfig) {