Add an option to set the ImagePullSecrets

M. Mert Yildiran 2023-01-07 14:20:01 +03:00
parent 45f8c8a834
commit 894f97ca41
No known key found for this signature in database
GPG Key ID: DA5D6DCBB758A461
7 changed files with 47 additions and 18 deletions


@ -46,6 +46,8 @@ func init() {
tapCmd.Flags().StringP(configStructs.DockerRegistryLabel, "r", defaultTapConfig.Docker.Registry, "The Docker registry that's hosting the images.") tapCmd.Flags().StringP(configStructs.DockerRegistryLabel, "r", defaultTapConfig.Docker.Registry, "The Docker registry that's hosting the images.")
tapCmd.Flags().StringP(configStructs.DockerTagLabel, "t", defaultTapConfig.Docker.Tag, "The tag of the Docker images that are going to be pulled.") tapCmd.Flags().StringP(configStructs.DockerTagLabel, "t", defaultTapConfig.Docker.Tag, "The tag of the Docker images that are going to be pulled.")
tapCmd.Flags().String(configStructs.DockerImagePullPolicy, defaultTapConfig.Docker.ImagePullPolicy, "ImagePullPolicy for the Docker images.")
tapCmd.Flags().StringSlice(configStructs.DockerImagePullSecrets, defaultTapConfig.Docker.ImagePullSecrets, "ImagePullSecrets for the Docker images.")
tapCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.SrcPort, "Provide a custom port for the front-end proxy/port-forward.") tapCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.SrcPort, "Provide a custom port for the front-end proxy/port-forward.")
tapCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.SrcPort, "Provide a custom port for the Hub proxy/port-forward.") tapCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.SrcPort, "Provide a custom port for the Hub proxy/port-forward.")
tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward.") tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward.")
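Review bot: The help text of the new `docker-imagepullsecrets` flag, "ImagePullSecrets for the Docker images.", does not say that the values are names of Secret objects that must already exist in the namespace the pods are created in. A user could read it as a place to pass registry credentials, which would then end up in shell history and the process list. A wording such as `"Names of existing image pull Secrets (comma-separated) to attach to the created pods."` states the contract. init() starts and ends outside this hunk.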


@ -82,7 +82,7 @@ func tap() {
} }
log.Info().Msg(fmt.Sprintf("Waiting for the creation of %s resources...", misc.Software)) log.Info().Msg(fmt.Sprintf("Waiting for the creation of %s resources...", misc.Software))
if state.selfServiceAccountExists, err = resources.CreateHubResources(ctx, kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.SelfNamespace, config.Config.Tap.Resources.Hub, config.Config.ImagePullPolicy(), config.Config.Tap.Debug); err != nil { if state.selfServiceAccountExists, err = resources.CreateHubResources(ctx, kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.SelfNamespace, config.Config.Tap.Resources.Hub, config.Config.ImagePullPolicy(), config.Config.ImagePullSecrets(), config.Config.Tap.Debug); err != nil {
var statusError *k8serrors.StatusError var statusError *k8serrors.StatusError
if errors.As(err, &statusError) && (statusError.ErrStatus.Reason == metav1.StatusReasonAlreadyExists) { if errors.As(err, &statusError) && (statusError.ErrStatus.Reason == metav1.StatusReasonAlreadyExists) {
log.Warn().Msg(fmt.Sprintf("%s is already running in this namespace, change the `selfnamespace` configuration or run `%s clean` to remove the currently running %s instance", misc.Software, misc.Program, misc.Software)) log.Warn().Msg(fmt.Sprintf("%s is already running in this namespace, change the `selfnamespace` configuration or run `%s clean` to remove the currently running %s instance", misc.Software, misc.Program, misc.Software))
@ -134,6 +134,7 @@ func startWorkerSyncer(ctx context.Context, cancel context.CancelFunc, provider
SelfNamespace: config.Config.SelfNamespace, SelfNamespace: config.Config.SelfNamespace,
WorkerResources: config.Config.Tap.Resources.Worker, WorkerResources: config.Config.Tap.Resources.Worker,
ImagePullPolicy: config.Config.ImagePullPolicy(), ImagePullPolicy: config.Config.ImagePullPolicy(),
ImagePullSecrets: config.Config.ImagePullSecrets(),
SelfServiceAccountExists: state.selfServiceAccountExists, SelfServiceAccountExists: state.selfServiceAccountExists,
ServiceMesh: config.Config.Tap.ServiceMesh, ServiceMesh: config.Config.Tap.ServiceMesh,
Tls: config.Config.Tap.Tls, Tls: config.Config.Tap.Tls,


@ -45,6 +45,15 @@ func (config *ConfigStruct) ImagePullPolicy() v1.PullPolicy {
return v1.PullPolicy(config.Tap.Docker.ImagePullPolicy) return v1.PullPolicy(config.Tap.Docker.ImagePullPolicy)
} }
func (config *ConfigStruct) ImagePullSecrets() []v1.LocalObjectReference {
var ref []v1.LocalObjectReference
for _, name := range config.Tap.Docker.ImagePullSecrets {
ref = append(ref, v1.LocalObjectReference{Name: name})
}
return ref
}
func (config *ConfigStruct) IsNsRestrictedMode() bool { func (config *ConfigStruct) IsNsRestrictedMode() bool {
return config.SelfNamespace != misc.Program // Notice "kubeshark" string must match the default SelfNamespace return config.SelfNamespace != misc.Program // Notice "kubeshark" string must match the default SelfNamespace
} }
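Review bot: ImagePullSecrets() converts every configured string into a reference without checking it, so an empty or whitespace-only entry in the YAML list or the flag value becomes `LocalObjectReference{Name: ""}` and is passed on to the pod specs unchanged. Skipping such entries inside the loop, for example `if strings.TrimSpace(name) == "" { continue }` (this needs `strings` to be imported in the file, which is not visible here), keeps a typo from reaching the API server, where it would presumably either be rejected or leave the pull unauthenticated. The exported method also has no doc comment; `// ImagePullSecrets returns the configured Secret names as pod-spec references.` would cover it.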


@ -10,19 +10,21 @@ import (
) )
const ( const (
DockerRegistryLabel = "docker-registry" DockerRegistryLabel = "docker-registry"
DockerTagLabel = "docker-tag" DockerTagLabel = "docker-tag"
ProxyFrontPortLabel = "proxy-front-port" DockerImagePullPolicy = "docker-imagepullpolicy"
ProxyHubPortLabel = "proxy-hub-port" DockerImagePullSecrets = "docker-imagepullsecrets"
ProxyHostLabel = "proxy-host" ProxyFrontPortLabel = "proxy-front-port"
NamespacesLabel = "namespaces" ProxyHubPortLabel = "proxy-hub-port"
AllNamespacesLabel = "allnamespaces" ProxyHostLabel = "proxy-host"
StorageLimitLabel = "storagelimit" NamespacesLabel = "namespaces"
DryRunLabel = "dryrun" AllNamespacesLabel = "allnamespaces"
PcapLabel = "pcap" StorageLimitLabel = "storagelimit"
ServiceMeshLabel = "servicemesh" DryRunLabel = "dryrun"
TlsLabel = "tls" PcapLabel = "pcap"
DebugLabel = "debug" ServiceMeshLabel = "servicemesh"
TlsLabel = "tls"
DebugLabel = "debug"
) )
type WorkerConfig struct { type WorkerConfig struct {
@ -48,9 +50,10 @@ type ProxyConfig struct {
} }
type DockerConfig struct { type DockerConfig struct {
Registry string `yaml:"registry" default:"docker.io/kubeshark"` Registry string `yaml:"registry" default:"docker.io/kubeshark"`
Tag string `yaml:"tag" default:"latest"` Tag string `yaml:"tag" default:"latest"`
ImagePullPolicy string `yaml:"imagepullpolicy" default:"Always"` ImagePullPolicy string `yaml:"imagepullpolicy" default:"Always"`
ImagePullSecrets []string `yaml:"imagepullsecrets"`
} }
type ResourcesConfig struct { type ResourcesConfig struct {
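Review bot: The two new flag-name constants in the const block, `DockerImagePullPolicy` and `DockerImagePullSecrets`, drop the `Label` suffix that every other constant there carries, and they now read like the `DockerConfig` fields `ImagePullPolicy` and `ImagePullSecrets` declared further down. Naming them `DockerImagePullPolicyLabel` and `DockerImagePullSecretsLabel` would keep the block consistent and avoid confusing a flag name with a config value. The new `ImagePullSecrets []string` field would also benefit from a comment along the lines of `// names of existing Secrets, not credentials`, since the YAML key alone does not say which is expected.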


@ -177,6 +177,7 @@ type PodOptions struct {
ServiceAccountName string ServiceAccountName string
Resources Resources Resources Resources
ImagePullPolicy core.PullPolicy ImagePullPolicy core.PullPolicy
ImagePullSecrets []core.LocalObjectReference
Debug bool Debug bool
} }
@ -251,6 +252,7 @@ func (provider *Provider) BuildHubPod(opts *PodOptions) (*core.Pod, error) {
Effect: core.TaintEffectNoSchedule, Effect: core.TaintEffectNoSchedule,
}, },
}, },
ImagePullSecrets: opts.ImagePullSecrets,
}, },
} }
@ -353,6 +355,7 @@ func (provider *Provider) BuildFrontPod(opts *PodOptions, hubHost string, hubPor
Effect: core.TaintEffectNoSchedule, Effect: core.TaintEffectNoSchedule,
}, },
}, },
ImagePullSecrets: opts.ImagePullSecrets,
}, },
} }
@ -664,6 +667,7 @@ func (provider *Provider) ApplyWorkerDaemonSet(
serviceAccountName string, serviceAccountName string,
resources Resources, resources Resources,
imagePullPolicy core.PullPolicy, imagePullPolicy core.PullPolicy,
imagePullSecrets []core.LocalObjectReference,
serviceMesh bool, serviceMesh bool,
tls bool, tls bool,
debug bool, debug bool,
@ -812,6 +816,12 @@ func (provider *Provider) ApplyWorkerDaemonSet(
podSpec.WithTolerations(noExecuteToleration, noScheduleToleration) podSpec.WithTolerations(noExecuteToleration, noScheduleToleration)
podSpec.WithVolumes(procfsVolume, sysfsVolume) podSpec.WithVolumes(procfsVolume, sysfsVolume)
localObjectReference := applyconfcore.LocalObjectReference()
for _, secret := range imagePullSecrets {
localObjectReference.WithName(secret.Name)
}
podSpec.WithImagePullSecrets(localObjectReference)
podTemplate := applyconfcore.PodTemplateSpec() podTemplate := applyconfcore.PodTemplateSpec()
podTemplate.WithLabels(map[string]string{ podTemplate.WithLabels(map[string]string{
"app": workerPodName, "app": workerPodName,
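Review bot: In ApplyWorkerDaemonSet the loop reuses a single `localObjectReference` and calls `WithName` on it for each entry, so with several configured secrets only the last name reaches the worker pod spec. With none configured, a reference with no name is still appended by `podSpec.WithImagePullSecrets(localObjectReference)`. This differs from BuildHubPod and BuildFrontPod, which pass the whole `opts.ImagePullSecrets` slice, so the worker DaemonSet can fail to pull from a private registry while the Hub and Front pods succeed. Building one reference per secret inside the loop fixes both cases: `for _, secret := range imagePullSecrets { podSpec.WithImagePullSecrets(applyconfcore.LocalObjectReference().WithName(secret.Name)) }`. The function body starts and ends outside the hunks shown.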


@ -42,6 +42,7 @@ type WorkerSyncerConfig struct {
SelfNamespace string SelfNamespace string
WorkerResources Resources WorkerResources Resources
ImagePullPolicy v1.PullPolicy ImagePullPolicy v1.PullPolicy
ImagePullSecrets []v1.LocalObjectReference
SelfServiceAccountExists bool SelfServiceAccountExists bool
ServiceMesh bool ServiceMesh bool
Tls bool Tls bool
@ -363,6 +364,7 @@ func (workerSyncer *WorkerSyncer) updateWorkers() error {
serviceAccountName, serviceAccountName,
workerSyncer.config.WorkerResources, workerSyncer.config.WorkerResources,
workerSyncer.config.ImagePullPolicy, workerSyncer.config.ImagePullPolicy,
workerSyncer.config.ImagePullSecrets,
workerSyncer.config.ServiceMesh, workerSyncer.config.ServiceMesh,
workerSyncer.config.Tls, workerSyncer.config.Tls,
workerSyncer.config.Debug); err != nil { workerSyncer.config.Debug); err != nil {


@ -13,7 +13,7 @@ import (
core "k8s.io/api/core/v1" core "k8s.io/api/core/v1"
) )
func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, isNsRestrictedMode bool, selfNamespace string, hubResources kubernetes.Resources, imagePullPolicy core.PullPolicy, debug bool) (bool, error) { func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, isNsRestrictedMode bool, selfNamespace string, hubResources kubernetes.Resources, imagePullPolicy core.PullPolicy, imagePullSecrets []core.LocalObjectReference, debug bool) (bool, error) {
if !isNsRestrictedMode { if !isNsRestrictedMode {
if err := createSelfNamespace(ctx, kubernetesProvider, selfNamespace); err != nil { if err := createSelfNamespace(ctx, kubernetesProvider, selfNamespace); err != nil {
return false, err return false, err
@ -39,6 +39,7 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
ServiceAccountName: serviceAccountName, ServiceAccountName: serviceAccountName,
Resources: hubResources, Resources: hubResources,
ImagePullPolicy: imagePullPolicy, ImagePullPolicy: imagePullPolicy,
ImagePullSecrets: imagePullSecrets,
Debug: debug, Debug: debug,
} }
@ -49,6 +50,7 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
ServiceAccountName: serviceAccountName, ServiceAccountName: serviceAccountName,
Resources: hubResources, Resources: hubResources,
ImagePullPolicy: imagePullPolicy, ImagePullPolicy: imagePullPolicy,
ImagePullSecrets: imagePullSecrets,
Debug: debug, Debug: debug,
} }