From 2396fc848e2605dfa5e00e760760bb29664f3a8f Mon Sep 17 00:00:00 2001 From: Mike Ludwig Date: Mon, 27 Jul 2020 15:16:17 -0400 Subject: [PATCH] docker login on invoker pods when using private registry --- .../configMapFiles/dockerLogin/dockerLogin.sh | 1 + helm/openwhisk/templates/_helpers.tpl | 5 ++++ helm/openwhisk/templates/invoker-cm.yaml | 1 + helm/openwhisk/templates/invoker-pod.yaml | 26 ++++++++++++++++--- 4 files changed, 30 insertions(+), 3 deletions(-) create mode 100755 helm/openwhisk/configMapFiles/dockerLogin/dockerLogin.sh diff --git a/helm/openwhisk/configMapFiles/dockerLogin/dockerLogin.sh b/helm/openwhisk/configMapFiles/dockerLogin/dockerLogin.sh new file mode 100755 index 00000000..42682b65 --- /dev/null +++ b/helm/openwhisk/configMapFiles/dockerLogin/dockerLogin.sh @@ -0,0 +1 @@ +docker login $RUNTIMES_REGISTRY -u $RUNTIMES_REGISTRY_USERNAME -p $RUNTIMES_REGISTRY_PASSWORD diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl index f57c5781..108f87b1 100644 --- a/helm/openwhisk/templates/_helpers.tpl +++ b/helm/openwhisk/templates/_helpers.tpl @@ -310,6 +310,11 @@ imagePullSecrets: mountPath: "/invoker-scripts/configureDNS.sh" subPath: "configureDNS.sh" {{- end }} +{{- if ne .Values.docker.registry.name "" }} + - name: scripts-dir + mountPath: "/invoker-scripts/dockerLogin.sh" + subPath: "dockerLogin.sh" +{{- end }} {{- end }} {{- end }} diff --git a/helm/openwhisk/templates/invoker-cm.yaml b/helm/openwhisk/templates/invoker-cm.yaml index a09f5075..0c689a31 100644 --- a/helm/openwhisk/templates/invoker-cm.yaml +++ b/helm/openwhisk/templates/invoker-cm.yaml @@ -24,3 +24,4 @@ metadata: data: {{ (.Files.Glob "configMapFiles/dockerPullRuntimes/playbook.yml").AsConfig | indent 2 }} {{ (.Files.Glob "configMapFiles/configureDNS/configureDNS.sh").AsConfig | indent 2 }} +{{ (.Files.Glob "configMapFiles/dockerLogin/dockerLogin.sh").AsConfig | indent 2 }} diff --git a/helm/openwhisk/templates/invoker-pod.yaml b/helm/openwhisk/templates/invoker-pod.yaml index a7674d55..f3544ac8 100644 --- a/helm/openwhisk/templates/invoker-pod.yaml +++ b/helm/openwhisk/templates/invoker-pod.yaml @@ -83,11 +83,17 @@ spec: - name: invoker image: "{{- .Values.docker.registry.name -}}{{- .Values.invoker.imageName -}}:{{- .Values.invoker.imageTag -}}" imagePullPolicy: {{ .Values.invoker.imagePullPolicy | quote }} + command: + - /bin/bash + - -c + - +{{- if ne .Values.docker.registry.name "" }} + . /invoker-scripts/dockerLogin.sh && +{{- end }} {{- if and (eq .Values.invoker.containerFactory.impl "docker") .Values.invoker.containerFactory.networkConfig.dns.inheritInvokerConfig }} - command: [ "/bin/bash", "-c", ". /invoker-scripts/configureDNS.sh && /init.sh --uniqueName $INVOKER_NAME" ] -{{- else }} - command: [ "/bin/bash", "-c", "/init.sh --uniqueName $INVOKER_NAME" ] + . /invoker-scripts/configureDNS.sh && {{- end }} + /init.sh --uniqueName $INVOKER_NAME env: - name: "PORT" value: {{ .Values.invoker.port | quote }} @@ -207,6 +213,20 @@ spec: {{- end }} - name: "CONFIG_whisk_helm_release" value: "{{ .Release.Name }}" +{{- if ne .Values.docker.registry.name "" }} + - name: "RUNTIMES_REGISTRY" + value: "{{- .Values.docker.registry.name -}}" + - name: "RUNTIMES_REGISTRY_USERNAME" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-docker.registry.auth + key: docker_registry_username + - name: "RUNTIMES_REGISTRY_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-docker.registry.auth + key: docker_registry_password +{{- end }} ports: - name: invoker containerPort: {{ .Values.invoker.port }}