openfaas · alexellis · Feb 11, 2020 · Feb 9, 2020 · Feb 9, 2020 · alexellis
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -41,3 +41,7 @@
 [[constraint]]
   name = "github.com/openfaas/faas-provider"
   version = "0.14.0"
+
+[[constraint]]
+  name = "github.com/docker/cli"
+  version = "19.3.5"
diff --git a/README.md b/README.md
@@ -49,6 +49,10 @@ You can run this tutorial on your Raspberry Pi, or adapt the steps for a regular
 
 * [faasd - lightweight Serverless for your Raspberry Pi](https://blog.alexellis.io/faasd-for-lightweight-serverless/)
 
+### Using private repos
+
+To use private image repos, `~/.docker/config.json` needs to be copied to `/var/lib/faasd/.docker/config.json`.
+
 ### Manual / developer instructions
 
 See [here for manual / developer instructions](docs/DEV.md)

diff --git a/pkg/provider/handlers/deploy.go b/pkg/provider/handlers/deploy.go
@@ -9,17 +9,17 @@ import (
 	"net/http"
 	"os"
 	"path"
-	"strings"
 
-	cninetwork "github.com/openfaas/faasd/pkg/cninetwork"
-	"github.com/openfaas/faasd/pkg/service"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/cio"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/oci"
 	gocni "github.com/containerd/go-cni"
+	"github.com/docker/distribution/reference"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/openfaas/faas-provider/types"
+	cninetwork "github.com/openfaas/faasd/pkg/cninetwork"
+	"github.com/openfaas/faasd/pkg/service"
 	"github.com/pkg/errors"
 )
 
@@ -64,11 +64,11 @@ func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 }
 
 func deploy(ctx context.Context, req types.FunctionDeployment, client *containerd.Client, cni gocni.CNI, secretMountPath string) error {
-
-	imgRef := "docker.io/" + req.Image
-	if strings.Index(req.Image, ":") == -1 {
-		imgRef = imgRef + ":latest"
+	r, err := reference.ParseNormalizedNamed(req.Image)
+	if err != nil {
+		return err
 	}
+	imgRef := reference.TagNameOnly(r).String()
 
 	snapshotter := ""
 	if val, ok := os.LookupEnv("snapshotter"); ok {

diff --git a/pkg/service/service.go b/pkg/service/service.go
@@ -4,14 +4,23 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"os"
+	"path/filepath"
 	"sync"
 	"time"
 
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/docker/cli/cli/config"
+	"github.com/docker/cli/cli/config/configfile"
 	"golang.org/x/sys/unix"
 )
 
+// dockerConfigDir contains "config.json"
+const dockerConfigDir = "/var/lib/faasd/.docker/"
+
 // Remove removes a container
 func Remove(ctx context.Context, client *containerd.Client, name string) error {
 
@@ -90,16 +99,59 @@ func killTask(ctx context.Context, task containerd.Task) error {
 	return err
 }
 
+func getResolver(ctx context.Context, configFile *configfile.ConfigFile) (remotes.Resolver, error) {
+	// credsFunc is based on https://github.com/moby/buildkit/blob/0b130cca040246d2ddf55117eeff34f546417e40/session/auth/authprovider/authprovider.go#L35
+	credFunc := func(host string) (string, string, error) {
+		if host == "registry-1.docker.io" {
+			host = "https://index.docker.io/v1/"
+		}
+		ac, err := configFile.GetAuthConfig(host)
+		if err != nil {
+			return "", "", err
+		}
+		if ac.IdentityToken != "" {
+			return "", ac.IdentityToken, nil
+		}
+		return ac.Username, ac.Password, nil
+	}
+	authOpts := []docker.AuthorizerOpt{docker.WithAuthCreds(credFunc)}
+	authorizer := docker.NewDockerAuthorizer(authOpts...)
+	opts := docker.ResolverOptions{
+		Hosts: docker.ConfigureDefaultRegistries(docker.WithAuthorizer(authorizer)),
+	}
+	return docker.NewResolver(opts), nil
+}
+
 func PrepareImage(ctx context.Context, client *containerd.Client, imageName, snapshotter string) (containerd.Image, error) {
+	var (
+		empty    containerd.Image
+		resolver remotes.Resolver
+	)
+	if _, stErr := os.Stat(filepath.Join(dockerConfigDir, config.ConfigFileName)); stErr == nil {
+		configFile, err := config.Load(dockerConfigDir)
+		if err != nil {
+			return nil, err
+		}
+		resolver, err = getResolver(ctx, configFile)
+		if err != nil {
+			return empty, err
+		}
+	} else if !os.IsNotExist(stErr) {
+		return empty, stErr
+	}
 
-	var empty containerd.Image
 	image, err := client.GetImage(ctx, imageName)
 	if err != nil {
 		if !errdefs.IsNotFound(err) {
 			return empty, err
 		}
-
-		img, err := client.Pull(ctx, imageName, containerd.WithPullUnpack)
+		rOpts := []containerd.RemoteOpt{
+			containerd.WithPullUnpack,
+		}
+		if resolver != nil {
+			rOpts = append(rOpts, containerd.WithResolver(resolver))
+		}
+		img, err := client.Pull(ctx, imageName, rOpts...)
 		if err != nil {
 			return empty, fmt.Errorf("cannot pull: %s", err)
 		}

diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go
diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go