fix image pulling failure when IMDS is unavailable in kubelet startup
fix test failure
parent
867b5cc31b
commit
8b0ac045e2
@ -31,7 +31,6 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
|
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
|
||||||
"github.com/Azure/go-autorest/autorest"
|
|
||||||
"github.com/Azure/go-autorest/autorest/adal"
|
"github.com/Azure/go-autorest/autorest/adal"
|
||||||
"github.com/Azure/go-autorest/autorest/azure"
|
"github.com/Azure/go-autorest/autorest/azure"
|
||||||
"github.com/spf13/pflag"
|
"github.com/spf13/pflag"
|
||||||
@ -91,39 +90,6 @@ type RegistriesClient interface {
|
|||||||
List(ctx context.Context) ([]containerregistry.Registry, error)
|
List(ctx context.Context) ([]containerregistry.Registry, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// azRegistriesClient implements RegistriesClient.
|
|
||||||
type azRegistriesClient struct {
|
|
||||||
client containerregistry.RegistriesClient
|
|
||||||
}
|
|
||||||
|
|
||||||
func newAzRegistriesClient(subscriptionID, endpoint string, token *adal.ServicePrincipalToken) *azRegistriesClient {
|
|
||||||
registryClient := containerregistry.NewRegistriesClient(subscriptionID)
|
|
||||||
registryClient.BaseURI = endpoint
|
|
||||||
registryClient.Authorizer = autorest.NewBearerAuthorizer(token)
|
|
||||||
|
|
||||||
return &azRegistriesClient{
|
|
||||||
client: registryClient,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (az *azRegistriesClient) List(ctx context.Context) ([]containerregistry.Registry, error) {
|
|
||||||
iterator, err := az.client.ListComplete(ctx)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
result := make([]containerregistry.Registry, 0)
|
|
||||||
for ; iterator.NotDone(); err = iterator.Next() {
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
result = append(result, iterator.Value())
|
|
||||||
}
|
|
||||||
|
|
||||||
return result, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewACRProvider parses the specified configFile and returns a DockerConfigProvider
|
// NewACRProvider parses the specified configFile and returns a DockerConfigProvider
|
||||||
func NewACRProvider(configFile *string) credentialprovider.DockerConfigProvider {
|
func NewACRProvider(configFile *string) credentialprovider.DockerConfigProvider {
|
||||||
return &acrProvider{
|
return &acrProvider{
|
||||||
@ -136,7 +102,6 @@ type acrProvider struct {
|
|||||||
file *string
|
file *string
|
||||||
config *auth.AzureAuthConfig
|
config *auth.AzureAuthConfig
|
||||||
environment *azure.Environment
|
environment *azure.Environment
|
||||||
registryClient RegistriesClient
|
|
||||||
servicePrincipalToken *adal.ServicePrincipalToken
|
servicePrincipalToken *adal.ServicePrincipalToken
|
||||||
cache cache.Store
|
cache cache.Store
|
||||||
}
|
}
|
||||||
@ -209,11 +174,7 @@ func (a *acrProvider) Enabled() bool {
|
|||||||
a.servicePrincipalToken, err = auth.GetServicePrincipalToken(a.config, a.environment)
|
a.servicePrincipalToken, err = auth.GetServicePrincipalToken(a.config, a.environment)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.Errorf("Failed to create service principal token: %v", err)
|
klog.Errorf("Failed to create service principal token: %v", err)
|
||||||
return false
|
|
||||||
}
|
}
|
||||||
|
|
||||||
a.registryClient = newAzRegistriesClient(a.config.SubscriptionID, a.environment.ResourceManagerEndpoint, a.servicePrincipalToken)
|
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -324,11 +285,21 @@ func getLoginServer(registry containerregistry.Registry) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getACRDockerEntryFromARMToken(a *acrProvider, loginServer string) (*credentialprovider.DockerConfigEntry, error) {
|
func getACRDockerEntryFromARMToken(a *acrProvider, loginServer string) (*credentialprovider.DockerConfigEntry, error) {
|
||||||
// Run EnsureFresh to make sure the token is valid and does not expire
|
if a.servicePrincipalToken == nil {
|
||||||
if err := a.servicePrincipalToken.EnsureFresh(); err != nil {
|
token, err := auth.GetServicePrincipalToken(a.config, a.environment)
|
||||||
klog.Errorf("Failed to ensure fresh service principal token: %v", err)
|
if err != nil {
|
||||||
return nil, err
|
klog.Errorf("Failed to create service principal token: %v", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
a.servicePrincipalToken = token
|
||||||
|
} else {
|
||||||
|
// Run EnsureFresh to make sure the token is valid and does not expire
|
||||||
|
if err := a.servicePrincipalToken.EnsureFresh(); err != nil {
|
||||||
|
klog.Errorf("Failed to ensure fresh service principal token: %v", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
armAccessToken := a.servicePrincipalToken.OAuthToken()
|
armAccessToken := a.servicePrincipalToken.OAuthToken()
|
||||||
|
|
||||||
klog.V(4).Infof("discovering auth redirects for: %s", loginServer)
|
klog.V(4).Infof("discovering auth redirects for: %s", loginServer)
|
||||||
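Review bot: In getACRDockerEntryFromARMToken the new `else` means a token created lazily in the `a.servicePrincipalToken == nil` branch never goes through `EnsureFresh()` before `a.servicePrincipalToken.OAuthToken()` is read a few lines later. Whether `auth.GetServicePrincipalToken` returns a token that already carries an access token is not visible here; if it only constructs the object, the first pull after IMDS becomes reachable would pass an empty ARM token on to the registry exchange. Dropping the `else` and running `if err := a.servicePrincipalToken.EnsureFresh(); err != nil { ... }` unconditionally after the nil branch keeps the previous guarantee on both paths. The lazy assignment `a.servicePrincipalToken = token` is also an unsynchronized write to provider state, so if this function can run for concurrent image pulls it should be guarded by a mutex. The function body continues past the end of the hunk.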
|
@ -21,7 +21,6 @@ package azure
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
|
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
|
||||||
@ -32,14 +31,6 @@ import (
|
|||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
type fakeClient struct {
|
|
||||||
results []containerregistry.Registry
|
|
||||||
}
|
|
||||||
|
|
||||||
func (f *fakeClient) List(ctx context.Context) ([]containerregistry.Registry, error) {
|
|
||||||
return f.results, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test(t *testing.T) {
|
func Test(t *testing.T) {
|
||||||
configStr := `
|
configStr := `
|
||||||
{
|
{
|
||||||
@ -72,13 +63,9 @@ func Test(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
fakeClient := &fakeClient{
|
|
||||||
results: result,
|
|
||||||
}
|
|
||||||
|
|
||||||
provider := &acrProvider{
|
provider := &acrProvider{
|
||||||
registryClient: fakeClient,
|
cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
|
||||||
cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
|
|
||||||
}
|
}
|
||||||
provider.loadConfig(bytes.NewBufferString(configStr))
|
provider.loadConfig(bytes.NewBufferString(configStr))
|
||||||
|
|
||||||
@ -133,8 +120,7 @@ func TestProvide(t *testing.T) {
|
|||||||
|
|
||||||
for i, test := range testCases {
|
for i, test := range testCases {
|
||||||
provider := &acrProvider{
|
provider := &acrProvider{
|
||||||
registryClient: &fakeClient{},
|
cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
|
||||||
cache: cache.NewExpirationStore(stringKeyFunc, &acrExpirationPolicy{}),
|
|
||||||
}
|
}
|
||||||
provider.loadConfig(bytes.NewBufferString(test.configStr))
|
provider.loadConfig(bytes.NewBufferString(test.configStr))
|
||||||
|
|
||||||
@ -149,21 +135,8 @@ func TestParseACRLoginServerFromImage(t *testing.T) {
|
|||||||
"aadClientId": "foo",
|
"aadClientId": "foo",
|
||||||
"aadClientSecret": "bar"
|
"aadClientSecret": "bar"
|
||||||
}`
|
}`
|
||||||
result := []containerregistry.Registry{
|
|
||||||
{
|
|
||||||
Name: to.StringPtr("foo"),
|
|
||||||
RegistryProperties: &containerregistry.RegistryProperties{
|
|
||||||
LoginServer: to.StringPtr("*.azurecr.io"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
fakeClient := &fakeClient{
|
|
||||||
results: result,
|
|
||||||
}
|
|
||||||
|
|
||||||
provider := &acrProvider{
|
provider := &acrProvider{}
|
||||||
registryClient: fakeClient,
|
|
||||||
}
|
|
||||||
provider.loadConfig(bytes.NewBufferString(configStr))
|
provider.loadConfig(bytes.NewBufferString(configStr))
|
||||||
provider.environment = &azure.Environment{
|
provider.environment = &azure.Environment{
|
||||||
ContainerRegistryDNSSuffix: ".azurecr.my.cloud",
|
ContainerRegistryDNSSuffix: ".azurecr.my.cloud",
|
||||||
|