Skip to content
This repository has been archived by the owner on Feb 2, 2021. It is now read-only.

Commit

Permalink
Create pull secrets for kubernetes
Browse files Browse the repository at this point in the history 
This commit creates secrets to pull function images from private docker registry
for kubernetes.

Fixes: #80

Signed-off-by: Vivek Singh <viveks@akamai.com>
  • Loading branch information
Vivek Singh committed Mar 4, 2019
1 parent e4fa99c commit a90baf4
Show file tree
Hide file tree
Showing 5 changed files with 40 additions and 0 deletions.
6 changes: 6 additions & 0 deletions example.init.yaml
View file
Expand Up @@ -85,6 +85,12 @@ secrets:
- name: "config.json"
value_from: "~/.docker/config.json"
namespace: "openfaas"
- name: "registry-secret"
files:
- name: ".dockerconfigjson"
value_from: "~/.docker/config.json"
namespace: "openfaas-fn"
type: "kubernetes.io/dockerconfigjson"


### Docker registry
Expand Down
25 changes: 25 additions & 0 deletions main.go
View file
Expand Up @@ -174,6 +174,11 @@ func process(plan types.Plan) error {

createSecrets(plan)

saErr := patchFnServiceaccount()
if saErr != nil {
log.Println(saErr)
}

minioErr := installMinio()
if minioErr != nil {
log.Println(minioErr)
Expand Down Expand Up @@ -414,6 +419,26 @@ func installMinio() error {
return nil
}

func patchFnServiceaccount() error {
log.Println("Patching openfaas-fn serviceaccount for pull secrets")

task := execute.ExecTask{
Command: "scripts/patch-fn-serviceaccount.sh",
Shell: true,
}

res, err := task.Execute()

if err != nil {
return err
}

log.Println(res.Stdout)
log.Println(res.Stderr)

return nil
}

func installCertmanager() error {
log.Println("Creating Cert-Manager")

Expand Down
5 changes: 5 additions & 0 deletions pkg/types/secrets.go
View file
Expand Up @@ -22,6 +22,10 @@ func CreateDockerSecret(kvn KeyValueNamespaceTuple) string {
func CreateK8sSecret(kvn KeyValueNamespaceTuple) string {
secretCmd := fmt.Sprintf("kubectl create secret generic -n %s %s", kvn.Namespace, kvn.Name)

if len(kvn.Type) != 0 {
secretCmd = fmt.Sprintf("%s --type=%s", secretCmd, kvn.Type)
}

for _, key := range kvn.Literals {
secretValue := key.Value
if len(secretValue) == 0 {
Expand All @@ -34,6 +38,7 @@ func CreateK8sSecret(kvn KeyValueNamespaceTuple) string {
}

secretCmd = fmt.Sprintf(`%s --from-literal=%s=%s`, secretCmd, key.Name, secretValue)

}

for _, file := range kvn.Files {
Expand Down
1 change: 1 addition & 0 deletions pkg/types/types.go
View file
Expand Up @@ -48,6 +48,7 @@ type KeyValueNamespaceTuple struct {
Literals []KeyValueTuple `yaml:"literals"`
Namespace string `yaml:"namespace"`
Files []FileSecret `yaml:"files"`
Type string `yaml:"type"`
}

type Github struct {
Expand Down
3 changes: 3 additions & 0 deletions scripts/patch-fn-serviceaccount.sh
View file
@@ -0,0 +1,3 @@
#!/bin/bash

kubectl patch serviceaccount default -p '{"secrets": [{"name": "registry-secret"}]}' -n openfaas-fn

0 comments on commit a90baf4

Please sign in to comment.