Merge pull request #921 from tanguofu/fea/registry_auths

fea(#915): support custom private registry authorization

apis/kubekey/v1alpha2/cluster_types.go

@@ -18,13 +18,15 @@ package v1alpha2
 
 import (
 	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+
 	"github.com/kubesphere/kubekey/pkg/core/logger"
 	"github.com/kubesphere/kubekey/pkg/core/util"
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"regexp"
-	"strconv"
-	"strings"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
@@ -179,9 +181,10 @@ type ControlPlaneEndpoint struct {
 
 // RegistryConfig defines the configuration information of the image's repository.
 type RegistryConfig struct {
-	RegistryMirrors    []string `yaml:"registryMirrors" json:"registryMirrors,omitempty"`
-	InsecureRegistries []string `yaml:"insecureRegistries" json:"insecureRegistries,omitempty"`
-	PrivateRegistry    string   `yaml:"privateRegistry" json:"privateRegistry,omitempty"`
+	RegistryMirrors    []string             `yaml:"registryMirrors" json:"registryMirrors,omitempty"`
+	InsecureRegistries []string             `yaml:"insecureRegistries" json:"insecureRegistries,omitempty"`
+	PrivateRegistry    string               `yaml:"privateRegistry" json:"privateRegistry,omitempty"`
+	Auths              runtime.RawExtension `yaml:"Auths" json:"Auths,omitempty"`
 }
 
 // KubeSphere defines the configuration information of the KubeSphere.

docs/config-example.md

@@ -48,6 +48,12 @@ spec:
     registryMirrors: []
     insecureRegistries: []
     privateRegistry: ""
+    auths: # if docker add by `docker login`, if containerd append to `/etc/containerd/config.toml`
+      "registry-1.docker.io":
+        username : "xxx"
+        password : "***"
+
+
   addons: [] # You can install cloud-native addons (Chart or YAML) by using this field.
 
 ---

pkg/container/docker.go

@@ -18,13 +18,15 @@ package container
 
 import (
 	"fmt"
+	"path"
+	"path/filepath"
+
 	"github.com/kubesphere/kubekey/pkg/common"
+	"github.com/kubesphere/kubekey/pkg/container/templates"
 	"github.com/kubesphere/kubekey/pkg/core/connector"
 	"github.com/kubesphere/kubekey/pkg/files"
 	"github.com/kubesphere/kubekey/pkg/utils"
 	"github.com/pkg/errors"
-	"path"
-	"path/filepath"
 )
 
 type SyncDockerBinaries struct {
@@ -74,3 +76,27 @@ func (e *EnableDocker) Execute(runtime connector.Runtime) error {
 	}
 	return nil
 }
+
+type DockerLoginRegistry struct {
+	common.KubeAction
+}
+
+func (p *DockerLoginRegistry) Execute(runtime connector.Runtime) error {
+
+	auths := templates.Auths(p.KubeConf)
+
+	for repo, entry := range auths {
+
+		cmd := fmt.Sprintf("docker login --username \"%s\" --password \"%s\" %s", entry.Username, entry.Password, repo)
+		if _, err := runtime.GetRunner().SudoCmd(cmd, false); err != nil {
+			return errors.Wrapf(err, "login registry failed, cmd: %v, err:%v", cmd, err)
+		}
+	}
+
+	cmd := "mkdir -p /.docker && cp -f $HOME/.docker/config.json /.docker/ && chmod 0644 /.docker/config.json "
+	if _, err := runtime.GetRunner().SudoCmd(cmd, false); err != nil {
+		return errors.Wrapf(err, "copy docker auths failed cmd: %v, err:%v", cmd, err)
+	}
+
+	return nil
+}

pkg/container/module.go

@@ -145,13 +145,26 @@ func InstallDocker(m *InstallContainerModule) []task.Interface {
 		Parallel: true,
 	}
 
+	dockerLoginRegistry := &task.RemoteTask{
+		Name:  "Login PrivateRegistry",
+		Desc:  "Add auths to container runtime",
+		Hosts: m.Runtime.GetAllHosts(),
+		Prepare: &prepare.PrepareCollection{
+			&kubernetes.NodeInCluster{Not: true},
+			&DockerExist{},
+		},
+		Action:   new(DockerLoginRegistry),
+		Parallel: true,
+	}
+
 	return []task.Interface{
 		syncBinaries,
 		generateContainerdService,
 		enableContainerd,
 		generateDockerService,
 		generateDockerConfig,
 		enableDocker,
+		dockerLoginRegistry,
 	}
 }
 
@@ -212,6 +225,7 @@ func InstallContainerd(m *InstallContainerModule) []task.Interface {
 				"Mirrors":            templates.Mirrors(m.KubeConf),
 				"InsecureRegistries": templates.InsecureRegistries(m.KubeConf),
 				"SandBoxImage":       images.GetImage(m.Runtime, m.KubeConf, "pause").ImageName(),
+				"Auths":              templates.Auths(m.KubeConf),
 			},
 		},
 		Parallel: true,

pkg/container/templates/containerd_config.go

@@ -17,8 +17,9 @@
 package templates
 
 import (
-	"github.com/lithammer/dedent"
 	"text/template"
+
+	"github.com/lithammer/dedent"
 )
 
 var ContainerdConfig = template.Must(template.New("config.toml").Parse(
@@ -74,4 +75,14 @@ state = "/run/containerd"
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
           endpoint = ["https://registry-1.docker.io"]
         {{- end}}
+      
+        {{- if .Auths }}
+        [plugins."io.containerd.grpc.v1.cri".registry.configs]
+          {{- range $repo, $entry := .Auths }}
+          [plugins."io.containerd.grpc.v1.cri".registry.configs."{{$repo}}"]
+            username = "{{$entry.Username}}"
+            password = "{{$entry.Password}}"
+          {{- end}}
+        {{- end}}
+      
     `)))

pkg/container/templates/docker_config.go

@@ -17,11 +17,14 @@
 package templates
 
 import (
+	"encoding/json"
 	"fmt"
-	"github.com/kubesphere/kubekey/pkg/common"
-	"github.com/lithammer/dedent"
 	"strings"
 	"text/template"
+
+	"github.com/kubesphere/kubekey/pkg/common"
+	"github.com/kubesphere/kubekey/pkg/core/logger"
+	"github.com/lithammer/dedent"
 )
 
 var DockerConfig = template.Must(template.New("daemon.json").Parse(
@@ -63,3 +66,23 @@ func InsecureRegistries(kubeConf *common.KubeConf) string {
 	}
 	return insecureRegistries
 }
+
+type DockerConfigEntry struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+func Auths(kubeConf *common.KubeConf) (auths map[string]DockerConfigEntry) {
+
+	if len(kubeConf.Cluster.Registry.Auths.Raw) == 0 {
+		return
+	}
+
+	err := json.Unmarshal(kubeConf.Cluster.Registry.Auths.Raw, &auths)
+	if err != nil {
+		logger.Log.Fatal("Failed to Parse Registry Auths configuration: %v", kubeConf.Cluster.Registry.Auths.Raw)
+		return
+	}
+
+	return
+}