Merge pull request #2910 from prary/optional_pull_secret

Optional pull secret
GoogleContainerTools · Sep 23, 2019 · cc7dcc3 · cc7dcc3
2 parents bd8b396 + 295708b
commit cc7dcc3
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 80 deletions.
diff --git a/pkg/skaffold/build/cluster/sources/sources.go b/pkg/skaffold/build/cluster/sources/sources.go
@@ -82,70 +82,64 @@ func podTemplate(clusterDetails *latest.ClusterDetails, artifact *latest.KanikoA
 					Args:            args,
 					ImagePullPolicy: v1.PullIfNotPresent,
 					Env:             env,
-					VolumeMounts: []v1.VolumeMount{
-						{
-							Name:      constants.DefaultKanikoSecretName,
-							MountPath: "/secret",
-						},
-					},
-					Resources: resourceRequirements(clusterDetails.Resources),
+					Resources:       resourceRequirements(clusterDetails.Resources),
 				},
 			},
 			RestartPolicy: v1.RestartPolicyNever,
-			Volumes: []v1.Volume{{
-				Name: constants.DefaultKanikoSecretName,
-				VolumeSource: v1.VolumeSource{
-					Secret: &v1.SecretVolumeSource{
-						SecretName: clusterDetails.PullSecretName,
-					},
-				},
-			},
-			},
 		},
 	}
 
-	if artifact.Cache != nil && artifact.Cache.HostPath != "" {
-		volumeMount := v1.VolumeMount{
-			Name:      constants.DefaultKanikoCacheDirName,
-			MountPath: constants.DefaultKanikoCacheDirMountPath,
-		}
-
-		pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, volumeMount)
+	// Add secret for pull secret
+	if clusterDetails.PullSecretName != "" {
+		addSecretVolume(pod, constants.DefaultKanikoSecretName, "/secret", clusterDetails.PullSecretName)
+	}
 
-		volume := v1.Volume{
-			Name: constants.DefaultKanikoCacheDirName,
-			VolumeSource: v1.VolumeSource{
-				HostPath: &v1.HostPathVolumeSource{
-					Path: artifact.Cache.HostPath,
-				},
-			},
-		}
-		pod.Spec.Volumes = append(pod.Spec.Volumes, volume)
+	// Add host path volume for cache
+	if artifact.Cache != nil && artifact.Cache.HostPath != "" {
+		addHostPathVolume(pod, constants.DefaultKanikoCacheDirName, constants.DefaultKanikoCacheDirMountPath, artifact.Cache.HostPath)
 	}
 
 	if clusterDetails.DockerConfig == nil {
 		return pod
 	}
 
-	volumeMount := v1.VolumeMount{
-		Name:      constants.DefaultKanikoDockerConfigSecretName,
-		MountPath: constants.DefaultKanikoDockerConfigPath,
-	}
-
-	pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, volumeMount)
+	// Add secret for docker config if specified
+	addSecretVolume(pod, constants.DefaultKanikoDockerConfigSecretName, constants.DefaultKanikoDockerConfigPath, clusterDetails.DockerConfig.SecretName)
+	return pod
+}
 
-	volume := v1.Volume{
-		Name: constants.DefaultKanikoDockerConfigSecretName,
+func addSecretVolume(pod *v1.Pod, name, mountPath, secretName string) {
+	vm := v1.VolumeMount{
+		Name:      name,
+		MountPath: mountPath,
+	}
+	v := v1.Volume{
+		Name: name,
 		VolumeSource: v1.VolumeSource{
 			Secret: &v1.SecretVolumeSource{
-				SecretName: clusterDetails.DockerConfig.SecretName,
+				SecretName: secretName,
 			},
 		},
 	}
+	pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, vm)
+	pod.Spec.Volumes = append(pod.Spec.Volumes, v)
+}
 
-	pod.Spec.Volumes = append(pod.Spec.Volumes, volume)
-
-	return pod
+func addHostPathVolume(pod *v1.Pod, name, mountPath, path string) {
+	vm := v1.VolumeMount{
+		Name:      name,
+		MountPath: mountPath,
+	}
+	v := v1.Volume{
+		Name: name,
+		VolumeSource: v1.VolumeSource{
+			HostPath: &v1.HostPathVolumeSource{
+				Path: path,
+			},
+		},
+	}
+	pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, vm)
+	pod.Spec.Volumes = append(pod.Spec.Volumes, v)
 }
 
 func setProxy(clusterDetails *latest.ClusterDetails, env []v1.EnvVar) []v1.EnvVar {

diff --git a/pkg/skaffold/build/cluster/sources/sources_test.go b/pkg/skaffold/build/cluster/sources/sources_test.go
@@ -59,21 +59,9 @@ func TestPodTemplate(t *testing.T) {
 								Name:  "UPSTREAM_CLIENT_TYPE",
 								Value: "UpstreamClient(skaffold-test)",
 							}},
-							VolumeMounts: []v1.VolumeMount{{
-								Name:      "kaniko-secret",
-								MountPath: "/secret",
-							}},
 							ImagePullPolicy: v1.PullPolicy("IfNotPresent"),
 						},
 					},
-					Volumes: []v1.Volume{{
-						Name: "kaniko-secret",
-						VolumeSource: v1.VolumeSource{
-							Secret: &v1.SecretVolumeSource{
-								SecretName: "",
-							},
-						}},
-					},
 				},
 			},
 		},
@@ -173,25 +161,13 @@ func TestPodTemplate(t *testing.T) {
 							Name:  "UPSTREAM_CLIENT_TYPE",
 							Value: "UpstreamClient(skaffold-test)",
 						}},
-						VolumeMounts: []v1.VolumeMount{{
-							Name:      "kaniko-secret",
-							MountPath: "/secret",
-						}},
 						ImagePullPolicy: v1.PullPolicy("IfNotPresent"),
 						Resources: createResourceRequirements(
 							resource.MustParse("1.0"),
 							resource.MustParse("2000"),
 							resource.MustParse("0.5"),
 							resource.MustParse("1000")),
 					}},
-					Volumes: []v1.Volume{{
-						Name: "kaniko-secret",
-						VolumeSource: v1.VolumeSource{
-							Secret: &v1.SecretVolumeSource{
-								SecretName: "",
-							},
-						},
-					}},
 				},
 			},
 		},
@@ -222,22 +198,12 @@ func TestPodTemplate(t *testing.T) {
 							Value: "UpstreamClient(skaffold-test)",
 						}},
 						VolumeMounts: []v1.VolumeMount{{
-							Name:      "kaniko-secret",
-							MountPath: "/secret",
-						}, {
 							Name:      "kaniko-cache",
 							MountPath: "/cache",
 						}},
 						ImagePullPolicy: v1.PullPolicy("IfNotPresent"),
 					}},
 					Volumes: []v1.Volume{{
-						Name: "kaniko-secret",
-						VolumeSource: v1.VolumeSource{
-							Secret: &v1.SecretVolumeSource{
-								SecretName: "",
-							},
-						},
-					}, {
 						Name: "kaniko-cache",
 						VolumeSource: v1.VolumeSource{
 							HostPath: &v1.HostPathVolumeSource{

diff --git a/pkg/skaffold/schema/defaults/defaults.go b/pkg/skaffold/schema/defaults/defaults.go
@@ -210,13 +210,13 @@ func setDefaultClusterTimeout(cluster *latest.ClusterDetails) error {
 }
 
 func setDefaultClusterPullSecret(cluster *latest.ClusterDetails) error {
-	cluster.PullSecretName = valueOrDefault(cluster.PullSecretName, constants.DefaultKanikoSecretName)
 	if cluster.PullSecret != "" {
 		absPath, err := homedir.Expand(cluster.PullSecret)
 		if err != nil {
 			return fmt.Errorf("unable to expand pullSecret %s", cluster.PullSecret)
 		}
 		cluster.PullSecret = absPath
+		cluster.PullSecretName = valueOrDefault(cluster.PullSecretName, constants.DefaultKanikoSecretName)
 		return nil
 	}
 	return nil

diff --git a/pkg/skaffold/schema/defaults/defaults_test.go b/pkg/skaffold/schema/defaults/defaults_test.go
@@ -94,6 +94,22 @@ func TestSetDefaultsOnCluster(t *testing.T) {
 		t.CheckNoError(err)
 		t.CheckDeepEqual("ns", cfg.Build.Cluster.Namespace)
 		t.CheckDeepEqual(constants.DefaultKanikoTimeout, cfg.Build.Cluster.Timeout)
+
+		// pull secret set
+		cfg = &latest.SkaffoldConfig{
+			Pipeline: latest.Pipeline{
+				Build: latest.BuildConfig{
+					BuildType: latest.BuildType{
+						Cluster: &latest.ClusterDetails{
+							PullSecret: "path/to/pull/secret",
+						},
+					},
+				},
+			},
+		}
+		err = Set(cfg)
+
+		t.CheckNoError(err)
 		t.CheckDeepEqual(constants.DefaultKanikoSecretName, cfg.Build.Cluster.PullSecretName)
 
 		// default docker config

diff --git a/pkg/skaffold/schema/versions_test.go b/pkg/skaffold/schema/versions_test.go
@@ -172,7 +172,7 @@ func TestParseConfig(t *testing.T) {
 			description: "Minimal Kaniko config",
 			config:      minimalKanikoConfig,
 			expected: config(
-				withClusterBuild("kaniko-secret", "default", "", "20m",
+				withClusterBuild("", "default", "", "20m",
 					withGitTagger(),
 					withKanikoArtifact("image1", "./examples/app1", "Dockerfile", "demo"),
 				),