create registry credentials secret (#7530)

pkg/clustermanager/cluster_manager.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"math"
+	"os"
 	"reflect"
 	"regexp"
 	"strings"
@@ -738,6 +739,26 @@ func compareEKSAClusterSpec(ctx context.Context, currentClusterSpec, newClusterS
 	return false, nil
 }
 
+// CreateRegistryCredSecret creates the registry-credentials secret on a managment cluster.
+func (c *ClusterManager) CreateRegistryCredSecret(ctx context.Context, mgmt *types.Cluster) error {
+	secret := &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Secret",
+			APIVersion: corev1.SchemeGroupVersion.Version,
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: constants.EksaSystemNamespace,
+			Name:      "registry-credentials",
+		},
+		StringData: map[string]string{
+			"username": os.Getenv("REGISTRY_USERNAME"),
+			"password": os.Getenv("REGISTRY_PASSWORD"),
+		},
+	}
+
+	return c.clusterClient.Apply(ctx, mgmt.KubeconfigFile, secret)
+}
+
 // InstallCAPI installs the cluster-api components in a cluster.
 func (c *ClusterManager) InstallCAPI(ctx context.Context, managementComponents *cluster.ManagementComponents, clusterSpec *cluster.Spec, cluster *types.Cluster, provider providers.Provider) error {
 	err := c.clusterClient.InitInfrastructure(ctx, managementComponents, clusterSpec, cluster, provider)

pkg/clustermanager/cluster_manager_test.go

@@ -2934,6 +2934,30 @@ func TestCreateAwsIamAuthCaSecretSuccess(t *testing.T) {
 	tt.Expect(err).To(BeNil())
 }
 
+func TestCreateRegistryCredSecretSuccess(t *testing.T) {
+	tt := newTest(t)
+
+	secret := &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Secret",
+			APIVersion: corev1.SchemeGroupVersion.Version,
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: constants.EksaSystemNamespace,
+			Name:      "registry-credentials",
+		},
+		StringData: map[string]string{
+			"username": "",
+			"password": "",
+		},
+	}
+
+	tt.mocks.client.EXPECT().Apply(tt.ctx, tt.cluster.KubeconfigFile, secret).Return(nil)
+
+	err := tt.clusterManager.CreateRegistryCredSecret(tt.ctx, tt.cluster)
+	tt.Expect(err).To(BeNil())
+}
+
 func TestClusterManagerDeleteClusterSelfManagedCluster(t *testing.T) {
 	tt := newTest(t)
 	managementCluster := &types.Cluster{

pkg/workflows/interfaces/interfaces.go

@@ -55,6 +55,7 @@ type ClusterManager interface {
 	InstallAwsIamAuth(ctx context.Context, managementCluster, workloadCluster *types.Cluster, clusterSpec *cluster.Spec) error
 	CreateAwsIamAuthCaSecret(ctx context.Context, bootstrapCluster *types.Cluster, workloadClusterName string) error
 	DeletePackageResources(ctx context.Context, managementCluster *types.Cluster, clusterName string) error
+	CreateRegistryCredSecret(ctx context.Context, mgmt *types.Cluster) error
 }
 
 type GitOpsManager interface {

pkg/workflows/management/create_bootstrap.go

@@ -25,7 +25,7 @@ func (s *createBootStrapClusterTask) Run(ctx context.Context, commandContext *ta
 	}
 	commandContext.BootstrapCluster = bootstrapCluster
 
-	return &installCAPIComponentsTask{}
+	return &updateSecretsCreate{}
 }
 
 func (s *createBootStrapClusterTask) Name() string {

pkg/workflows/management/create_test.go

@@ -136,6 +136,10 @@ func (c *createTestSetup) expectCreateBootstrap() {
 	)
 }
 
+func (c *createTestSetup) expectCreateRegistrySecret(err error) {
+	c.clusterManager.EXPECT().CreateRegistryCredSecret(c.ctx, c.bootstrapCluster).Return(err)
+}
+
 func (c *createTestSetup) expectCAPIInstall(err1, err2, err3 error) {
 	gomock.InOrder(
 		c.provider.EXPECT().PreCAPIInstallOnBootstrap(
@@ -316,6 +320,24 @@ func TestCreateBootstrapFailure(t *testing.T) {
 	}
 }
 
+func TestCreateRegistrySecretFailure(t *testing.T) {
+	c := newCreateTest(t)
+	c.clusterSpec.Cluster.Spec.RegistryMirrorConfiguration = &v1alpha1.RegistryMirrorConfiguration{Authenticate: true}
+	c.expectSetup()
+	c.expectCreateBootstrap()
+	c.expectPreflightValidationsToPass()
+
+	c.expectCreateRegistrySecret(fmt.Errorf(""))
+
+	c.clusterManager.EXPECT().SaveLogsManagementCluster(c.ctx, c.clusterSpec, c.bootstrapCluster)
+	c.writer.EXPECT().Write(fmt.Sprintf("%s-checkpoint.yaml", c.clusterSpec.Cluster.Name), gomock.Any())
+
+	err := c.run()
+	if err == nil {
+		t.Fatalf("Create.Run() expected to return an error %v", err)
+	}
+}
+
 func TestCreatePreCAPIFailure(t *testing.T) {
 	c := newCreateTest(t)
 	c.expectSetup()

pkg/workflows/management/secrets.go

@@ -8,6 +8,7 @@ import (
 )
 
 type updateSecrets struct{}
+type updateSecretsCreate struct{}
 
 // Run updateSecrets updates management cluster's secrets.
 func (s *updateSecrets) Run(ctx context.Context, commandContext *task.CommandContext) task.Task {
@@ -32,3 +33,31 @@ func (s *updateSecrets) Checkpoint() *task.CompletedTask {
 func (s *updateSecrets) Restore(ctx context.Context, commandContext *task.CommandContext, completedTask *task.CompletedTask) (task.Task, error) {
 	return &ensureEtcdCAPIComponentsExist{}, nil
 }
+
+// Run updateSecrets updates management cluster's secrets.
+func (s *updateSecretsCreate) Run(ctx context.Context, commandContext *task.CommandContext) task.Task {
+	if !commandContext.ClusterSpec.Cluster.RegistryAuth() {
+		return &installCAPIComponentsTask{}
+	}
+
+	err := commandContext.ClusterManager.CreateRegistryCredSecret(ctx, commandContext.BootstrapCluster)
+	if err != nil {
+		commandContext.SetError(err)
+		return &workflows.CollectMgmtClusterDiagnosticsTask{}
+	}
+	return &installCAPIComponentsTask{}
+}
+
+func (s *updateSecretsCreate) Name() string {
+	return "update-secrets-create"
+}
+
+func (s *updateSecretsCreate) Checkpoint() *task.CompletedTask {
+	return &task.CompletedTask{
+		Checkpoint: nil,
+	}
+}
+
+func (s *updateSecretsCreate) Restore(ctx context.Context, commandContext *task.CommandContext, completedTask *task.CompletedTask) (task.Task, error) {
+	return nil, nil
+}