Merge pull request #309 from covexo/issue-307

FabianKramm · web-flow · commit 2f84f9909029 · 2018-10-23T11:39:30.000+02:00
Issue 307
diff --git a/docs/docs/configuration/config.yaml.md b/docs/docs/configuration/config.yaml.md
@@ -109,6 +109,7 @@ DockerConfig:
 KanikoConfig:
 - `cache` *bool* if true the last image build is used as cache repository
 - `namespace` *string* specifies the namespace where the build pod should be started
+- `pullSecret` *string* mount this pullSecret instead of creating one to authenticate to the registry
 
 ### images[].build.options
 BuildOptions:
diff --git a/examples/kaniko/.devspace/config.yaml b/examples/kaniko/.devspace/config.yaml
@@ -26,5 +26,4 @@ images:
     build:
       kaniko:
         cache: true
-        namespace: ""
     name: yourdockername/kaniko
diff --git a/examples/kaniko/README.md b/examples/kaniko/README.md
@@ -4,21 +4,20 @@ This example shows how kaniko can be used instead of docker to build and push an
 
 # Step 0: Prerequisites
 
-In order for this example to work you need access to a docker registry, where you can push images to (e.g. hub.docker.com, gcr.io etc.). There are two options how you can push images to registries with devspace. 
+In order for this example to work you need access to a docker registry, where you can push images to (e.g. hub.docker.com, gcr.io etc.). There are three options how you can push images to registries with devspace. 
 
 ## Option 1: Use docker credentials store
 If you have docker installed, devspace can take the required auth information directly out of the docker credentials store and will create the needed secret for you in the target cluster automatically. Make sure you are logged in the registry with `docker login`.  
 
 ## Option 2: Provide auth information yourself
-As a second option you can provide your credentials directly in the config.yaml. See example below:
+As a second option you can provide your credentials directly in the config.yaml and devspace cli will create a pull secret for you automatically. See example below:
 
 ```yaml
 images:
   default:
     build:
       kaniko:
         cache: true
-        namespace: ""
     # Don't prefix image name with registry url 
     name: name/devspace
     registry: myRegistry
@@ -33,6 +32,37 @@ registries:
 
 devspace will then automatically create a secret for you which kaniko can use to push to that registry.  
 
+## Option 3: Provide kaniko pull secret yourself
+As a third option you can provide the pullSecret to use for kaniko yourself. Make sure the pull secret has the following form:
+
+```yaml
+apiVersion: v1
+kind: Secret
+data:
+  # .dockerconfigjson encoded in base64 e.g.: 
+  # {
+  #		"auths": {
+  #			"myRegistryUrl": {
+  #				"auth": "base64Encoded(user:password/token)",
+  #				"email": "myemail@test.de"
+  #			}
+  #		}
+  #	}
+  .dockerconfigjson: BASE64EncodedDockerConfigJson
+```
+
+Now specify the pullsecret name as the pull secret to use for kaniko in the .devspace/config:
+
+```yaml
+images:
+  default:
+    build:
+      kaniko:
+        cache: true
+    name: registryName/name/devspace
+    pullSecret: myPullSecretName
+```
+
 ## Optional: Use self hosted cluster (minikube, GKE etc.) instead of devspace-cloud
 
 If you want to use your own cluster instead of the devspace-cloud as deployment target, make sure `kubectl` is configured correctly to access the target cluster. Then just erase the `cluster` section in the `.devspace/config.yaml` and devspace will use your current kubectl context as deployment target.  
diff --git a/pkg/devspace/builder/kaniko/kaniko.go b/pkg/devspace/builder/kaniko/kaniko.go
@@ -23,6 +23,7 @@ import (
 // Builder holds the necessary information to build and push docker images
 type Builder struct {
 	RegistryURL      string
+	PullSecretName   string
 	ImageName        string
 	ImageTag         string
 	PreviousImageTag string
@@ -33,9 +34,10 @@ type Builder struct {
 }
 
 // NewBuilder creates a new kaniko.Builder instance
-func NewBuilder(registryURL, imageName, imageTag, lastImageTag, buildNamespace string, kubectl *kubernetes.Clientset, allowInsecureRegistry bool) (*Builder, error) {
+func NewBuilder(registryURL, pullSecretName, imageName, imageTag, lastImageTag, buildNamespace string, kubectl *kubernetes.Clientset, allowInsecureRegistry bool) (*Builder, error) {
 	return &Builder{
 		RegistryURL:           registryURL,
+		PullSecretName:        pullSecretName,
 		ImageName:             imageName,
 		ImageTag:              imageTag,
 		PreviousImageTag:      lastImageTag,
@@ -47,6 +49,10 @@ func NewBuilder(registryURL, imageName, imageTag, lastImageTag, buildNamespace s
 
 // Authenticate authenticates kaniko for pushing to the RegistryURL (if username == "", it will try to get login data from local docker daemon)
 func (b *Builder) Authenticate(username, password string, checkCredentialsStore bool) (*types.AuthConfig, error) {
+	if b.PullSecretName != "" {
+		return nil, nil
+	}
+
 	email := "noreply@devspace-cloud.com"
 
 	if len(username) == 0 {
@@ -74,6 +80,10 @@ func (b *Builder) Authenticate(username, password string, checkCredentialsStore
 // BuildImage builds a dockerimage within a kaniko pod
 func (b *Builder) BuildImage(contextPath, dockerfilePath string, options *types.ImageBuildOptions) error {
 	pullSecretName := registry.GetRegistryAuthSecretName(b.RegistryURL)
+	if b.PullSecretName != "" {
+		pullSecretName = b.PullSecretName
+	}
+
 	randString, _ := randutil.GenerateRandomString(12)
 	buildID := strings.ToLower(randString)
 	buildPod := &k8sv1.Pod{
diff --git a/pkg/devspace/config/v1/image.go b/pkg/devspace/config/v1/image.go
@@ -19,8 +19,9 @@ type BuildConfig struct {
 
 // KanikoConfig tells the DevSpace CLI to build with Docker on Minikube or on localhost
 type KanikoConfig struct {
-	Cache     *bool   `yaml:"cache"`
-	Namespace *string `yaml:"namespace,omitempty"`
+	Cache      *bool   `yaml:"cache"`
+	Namespace  *string `yaml:"namespace,omitempty"`
+	PullSecret *string `yaml:"pullSecret,omitempty"`
 }
 
 // DockerConfig tells the DevSpace CLI to build with Docker on Minikube or on localhost
diff --git a/pkg/devspace/image/build.go b/pkg/devspace/image/build.go
@@ -107,7 +107,12 @@ func Build(client *kubernetes.Clientset, generatedConfig *generated.Config, imag
 				allowInsecurePush = *registryConf.Insecure
 			}
 
-			imageBuilder, err = kaniko.NewBuilder(registryURL, imageName, imageTag, (*generatedConfig).ImageTags[imageName], buildNamespace, client, allowInsecurePush)
+			pullSecret := ""
+			if imageConf.Build.Kaniko.PullSecret != nil {
+				pullSecret = *imageConf.Build.Kaniko.PullSecret
+			}
+
+			imageBuilder, err = kaniko.NewBuilder(registryURL, pullSecret, imageName, imageTag, (*generatedConfig).ImageTags[imageName], buildNamespace, client, allowInsecurePush)
 			if err != nil {
 				log.Fatalf("Error creating kaniko builder: %v", err)
 			}

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,12 @@ func Build(client kubernetes.Clientset, generatedConfig generated.Config, imag`
`107`	`107`	`allowInsecurePush = *registryConf.Insecure`
`108`	`108`	`}`
`109`	`109`
`110`		`- imageBuilder, err = kaniko.NewBuilder(registryURL, imageName, imageTag, (*generatedConfig).ImageTags[imageName], buildNamespace, client, allowInsecurePush)`
	`110`	`+ pullSecret := ""`
	`111`	`+ if imageConf.Build.Kaniko.PullSecret != nil {`
	`112`	`+ pullSecret = *imageConf.Build.Kaniko.PullSecret`
	`113`	`+ }`
	`114`	`+`
	`115`	`+ imageBuilder, err = kaniko.NewBuilder(registryURL, pullSecret, imageName, imageTag, (*generatedConfig).ImageTags[imageName], buildNamespace, client, allowInsecurePush)`
`111`	`116`	`if err != nil {`
`112`	`117`	`log.Fatalf("Error creating kaniko builder: %v", err)`
`113`	`118`	`}`