package namespacecontroller
import (
"bytes"
"context"
"encoding/json"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
ctrlutil "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
)
// reconcileImagePullSecret creates or patches the Secret named "github-auth"
// in the given namespace so that it carries a docker config JSON document with
// a single entry for r.Registry.
//
// The namespace is set as controller owner of the Secret. On every call the
// Secret's Type and Data are rewritten from r.Registry and r.Token; Data is
// replaced wholesale, so any other key stored in the Secret is dropped. The
// returned Result is always empty and the error is whatever CreateOrPatch (or
// the mutate callback) reported.
//
// NOTE(review): r.Token is copied verbatim into the "auth" field. The docker
// config format expects that field to be base64("username:password"), so
// r.Token presumably arrives already encoded that way - confirm where Token is
// populated.
// NOTE(review): the credential becomes readable by anything allowed to read
// Secrets in this namespace; presumably the token is meant to be limited to
// pulling images from r.Registry - confirm its scope.
func (r *NamespaceReconciler) reconcileImagePullSecret(ctx context.Context, namespace *corev1.Namespace) (reconcile.Result, error) {
	pullSecret := corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "github-auth",
			Namespace: namespace.Name,
		},
	}

	mutate := func() error {
		// Make the namespace the controller owner of the pull secret.
		if err := ctrlutil.SetControllerReference(namespace, &pullSecret, r.GetScheme()); err != nil {
			return err
		}
		pullSecret.Type = corev1.SecretTypeDockerConfigJson

		payload := dockerConfigJson{
			Auths: map[string]dockerConfigAuth{
				r.Registry: {Auth: r.Token},
			},
		}

		// Encode appends a trailing newline, which becomes part of the stored
		// document. The buffer holds the credential and is only written into
		// the Secret below.
		var encoded bytes.Buffer
		if err := json.NewEncoder(&encoded).Encode(payload); err != nil {
			return err
		}

		pullSecret.Data = map[string][]byte{".dockerconfigjson": encoded.Bytes()}
		return nil
	}

	_, err := ctrlutil.CreateOrPatch(ctx, r.GetClient(), &pullSecret, mutate)
	return reconcile.Result{}, err
}
// isImagePullSecret reports whether secret is named "github-auth", the name
// reconcileImagePullSecret gives the Secret it manages.
//
// Only the name is compared: namespace, type and owner references are not
// inspected, so any Secret carrying this name matches the filter regardless of
// who created it.
func isImagePullSecret(secret *corev1.Secret) bool {
	const pullSecretName = "github-auth"
	return secret.Name == pullSecretName
}
type (
	// dockerConfigJson is the document stored under the ".dockerconfigjson"
	// key of the image pull secret. It serializes as {"auths": {...}}.
	dockerConfigJson struct {
		// Auths maps a registry (the reconciler uses r.Registry as the key)
		// to the credential entry for it.
		Auths map[string]dockerConfigAuth `json:"auths"`
	}

	// dockerConfigAuth is the per-registry entry of dockerConfigJson. It
	// serializes as {"auth": "..."}.
	dockerConfigAuth struct {
		// Auth is the credential string written as-is into the "auth" field;
		// this type performs no encoding of its own.
		Auth string `json:"auth"`
	}
)