Add support for docker registry secret

smbecker · brandond · commit 9f2eeec3c48a · 2023-06-28T12:05:46.000-07:00
This allows OCI registries to inherit configuration from the configured docker-registry secret

Signed-off-by: Shaun Becker &lt;smbecker@gmail.com&gt;
diff --git a/pkg/apis/helm.cattle.io/v1/types.go b/pkg/apis/helm.cattle.io/v1/types.go
@@ -36,7 +36,8 @@ type HelmChartSpec struct {
 	FailurePolicy   string                        `json:"failurePolicy,omitempty"`
 	AuthSecret      *corev1.LocalObjectReference  `json:"authSecret,omitempty"`
 
-	AuthPassCredentials bool `json:"authPassCredentials,omitempty"`
+	AuthPassCredentials  bool                         `json:"authPassCredentials,omitempty"`
+	DockerRegistrySecret *corev1.LocalObjectReference `json:"dockerRegistrySecret,omitempty"`
 }
 
 type HelmChartStatus struct {
diff --git a/pkg/apis/helm.cattle.io/v1/zz_generated_deepcopy.go b/pkg/apis/helm.cattle.io/v1/zz_generated_deepcopy.go
diff --git a/pkg/controllers/chart/chart.go b/pkg/controllers/chart/chart.go
@@ -490,6 +490,7 @@ func job(chart *v1.HelmChart) (*batch.Job, *corev1.Secret, *corev1.ConfigMap) {
 
 	setProxyEnv(job)
 	setAuthSecret(job, chart)
+	setDockerRegistrySecret(job, chart)
 	setRepoCAConfigMap(job, chart)
 	valuesSecret := setValuesSecret(job, chart)
 	contentConfigMap := setContentConfigMap(job, chart)
@@ -746,6 +747,28 @@ func setAuthSecret(job *batch.Job, chart *v1.HelmChart) {
 	}
 }
 
+func setDockerRegistrySecret(job *batch.Job, chart *v1.HelmChart) {
+	if secret := chart.Spec.DockerRegistrySecret; secret != nil {
+		job.Spec.Template.Spec.Volumes = append(job.Spec.Template.Spec.Volumes, corev1.Volume{
+			Name: "dockerconfig",
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: secret.Name,
+					Items: []corev1.KeyToPath{{
+						Key:  ".dockerconfigjson",
+						Path: "config.json",
+					}},
+				},
+			},
+		})
+
+		job.Spec.Template.Spec.Containers[0].VolumeMounts = append(job.Spec.Template.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
+			MountPath: "/home/klipper-helm/.docker",
+			Name:      "dockerconfig",
+		})
+	}
+}
+
 func setRepoCAConfigMap(job *batch.Job, chart *v1.HelmChart) {
 	if cm := chart.Spec.RepoCAConfigMap; cm != nil {
 		job.Spec.Template.Spec.Volumes = append(job.Spec.Template.Spec.Volumes, corev1.Volume{

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,8 @@ type HelmChartSpec struct {`
`36`	`36`	FailurePolicy string `json:"failurePolicy,omitempty"`
`37`	`37`	AuthSecret *corev1.LocalObjectReference `json:"authSecret,omitempty"`
`38`	`38`
`39`		- AuthPassCredentials bool `json:"authPassCredentials,omitempty"`
	`39`	+ AuthPassCredentials bool `json:"authPassCredentials,omitempty"`
	`40`	+ DockerRegistrySecret *corev1.LocalObjectReference `json:"dockerRegistrySecret,omitempty"`
`40`	`41`	`}`
`41`	`42`
`42`	`43`	`type HelmChartStatus struct {`