Change signature of container runtime PullImage to allow pull w/ secret

pkg/kubelet/container/runtime.go

@@ -34,6 +34,13 @@ type Version interface {
 	String() string
 }
 
+// ImageSpec is an internal representation of an image.  Currently, it wraps the
+// value of a Container's Image field, but in the future it will include more detailed
+// information about the different image types.
+type ImageSpec struct {
+	Image string
+}
+
 // Runtime interface defines the interfaces that should be implemented
 // by a container runtime.
 type Runtime interface {
@@ -61,14 +68,15 @@ type Runtime interface {
 	ExecInContainer(containerID string, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool) error
 	// Forward the specified port from the specified pod to the stream.
 	PortForward(pod *Pod, port uint16, stream io.ReadWriteCloser) error
-	// PullImage pulls an image from the network to local storage.
-	PullImage(image string) error
+	// PullImage pulls an image from the network to local storage using the supplied
+	// secrets if necessary.
+	PullImage(image ImageSpec, secrets []api.Secret) error
 	// IsImagePresent checks whether the container image is already in the local storage.
-	IsImagePresent(image string) (bool, error)
+	IsImagePresent(image ImageSpec) (bool, error)
 	// Gets all images currently on the machine.
 	ListImages() ([]Image, error)
 	// Removes the specified image.
-	RemoveImage(image string) error
+	RemoveImage(image ImageSpec) error
 	// TODO(vmarmol): Unify pod and containerID args.
 	// GetContainerLogs returns logs of a specific container. By
 	// default, it returns a snapshot of the container log. Set 'follow' to true to

pkg/kubelet/dockertools/manager.go

@@ -743,18 +743,18 @@ func (dm *DockerManager) ListImages() ([]kubecontainer.Image, error) {
 
 // TODO(vmarmol): Consider unexporting.
 // PullImage pulls an image from network to local storage.
-func (dm *DockerManager) PullImage(image string) error {
-	return dm.Puller.Pull(image)
+func (dm *DockerManager) PullImage(image kubecontainer.ImageSpec, _ []api.Secret) error {
+	return dm.Puller.Pull(image.Image)
 }
 
 // IsImagePresent checks whether the container image is already in the local storage.
-func (dm *DockerManager) IsImagePresent(image string) (bool, error) {
-	return dm.Puller.IsImagePresent(image)
+func (dm *DockerManager) IsImagePresent(image kubecontainer.ImageSpec) (bool, error) {
+	return dm.Puller.IsImagePresent(image.Image)
 }
 
 // Removes the specified image.
-func (dm *DockerManager) RemoveImage(image string) error {
-	return dm.client.RemoveImage(image)
+func (dm *DockerManager) RemoveImage(image kubecontainer.ImageSpec) error {
+	return dm.client.RemoveImage(image.Image)
 }
 
 // podInfraContainerChanged returns true if the pod infra container has changed.
@@ -1156,8 +1156,9 @@ func (dm *DockerManager) createPodInfraContainer(pod *api.Pod) (kubeletTypes.Doc
 	if err != nil {
 		glog.Errorf("Couldn't make a ref to pod %v, container %v: '%v'", pod.Name, container.Name, err)
 	}
+	spec := kubecontainer.ImageSpec{container.Image}
 	// TODO: make this a TTL based pull (if image older than X policy, pull)
-	ok, err := dm.IsImagePresent(container.Image)
+	ok, err := dm.IsImagePresent(spec)
 	if err != nil {
 		if ref != nil {
 			dm.recorder.Eventf(ref, "failed", "Failed to inspect image %q: %v", container.Image, err)
@@ -1165,7 +1166,7 @@ func (dm *DockerManager) createPodInfraContainer(pod *api.Pod) (kubeletTypes.Doc
 		return "", err
 	}
 	if !ok {
-		if err := dm.PullImage(container.Image); err != nil {
+		if err := dm.PullImage(spec, nil); err != nil {
 			if ref != nil {
 				dm.recorder.Eventf(ref, "failed", "Failed to pull image %q: %v", container.Image, err)
 			}
@@ -1324,7 +1325,8 @@ func (dm *DockerManager) computePodContainerChanges(pod *api.Pod, runningPod kub
 
 // Pull the image for the specified pod and container.
 func (dm *DockerManager) pullImage(pod *api.Pod, container *api.Container) error {
-	present, err := dm.IsImagePresent(container.Image)
+	spec := kubecontainer.ImageSpec{container.Image}
+	present, err := dm.IsImagePresent(spec)
 	if err != nil {
 		ref, err := kubecontainer.GenerateContainerRef(pod, container)
 		if err != nil {
@@ -1340,7 +1342,7 @@ func (dm *DockerManager) pullImage(pod *api.Pod, container *api.Container) error
 		return nil
 	}
 
-	err = dm.PullImage(container.Image)
+	err = dm.PullImage(spec, nil)
 	dm.runtimeHooks.ReportImagePull(pod, container, err)
 	return err
 }

pkg/kubelet/rkt/rkt_linux.go

@@ -745,7 +745,8 @@ func (r *runtime) writeDockerAuthConfig(image string, creds docker.AuthConfigura
 //
 // https://github.com/GoogleCloudPlatform/kubernetes/issues/7203
 //
-func (r *runtime) PullImage(img string) error {
+func (r *runtime) PullImage(image kubecontainer.ImageSpec, _ []api.Secret) error {
+	img := image.Image
 	// TODO(yifan): The credential operation is a copy from dockertools package,
 	// Need to resolve the code duplication.
 	repoToPull, tag := parsers.ParseRepositoryTag(img)
@@ -775,7 +776,8 @@ func (r *runtime) PullImage(img string) error {
 // IsImagePresent returns true if the image is available on the machine.
 // TODO(yifan): 'rkt image' is now landed on master, use that once we bump up
 // the rkt version.
-func (r *runtime) IsImagePresent(img string) (bool, error) {
+func (r *runtime) IsImagePresent(image kubecontainer.ImageSpec) (bool, error) {
+	img := image.Image
 	if _, err := r.runCommand("prepare", "--local=true", dockerPrefix+img); err != nil {
 		return false, nil
 	}
@@ -786,7 +788,7 @@ func (r *runtime) ListImages() ([]kubecontainer.Image, error) {
 	return []kubecontainer.Image{}, fmt.Errorf("rkt: ListImages unimplemented")
 }
 
-func (r *runtime) RemoveImage(image string) error {
+func (r *runtime) RemoveImage(image kubecontainer.ImageSpec) error {
 	return fmt.Errorf("rkt: RemoveImages unimplemented")
 }