Fix edgebox appinst bringup from private registry (#1454)
ashxjain authored and venkytv committed Apr 27, 2021
1 parent e551699 commit 06e2cfb
Showing 3 changed files with 42 additions and 16 deletions.
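--- a/crm-platforms/edgebox/edgebox-appinst.go
+++ b/crm-platforms/edgebox/edgebox-appinst.go
@@ -4,16 +4,41 @@ import (
 "context"
 "fmt"
 "net"
+"strings"
 
 "github.com/mobiledgex/edge-cloud-infra/infracommon"
 "github.com/mobiledgex/edge-cloud/cloud-resource-manager/k8smgmt"
 "github.com/mobiledgex/edge-cloud/cloud-resource-manager/platform/dind"
 "github.com/mobiledgex/edge-cloud/cloudcommon"
 "github.com/mobiledgex/edge-cloud/edgeproto"
 "github.com/mobiledgex/edge-cloud/log"
+"github.com/mobiledgex/edge-cloud/util"
 v1 "k8s.io/api/core/v1"
 )
 
+// Use secrets from env-var as we already have console creds,
+// which limits user to access its own org images
+func (e *EdgeboxPlatform) getDockerCredsFromEnv(imgPath string) (*cloudcommon.RegistryAuth, error) {
+dockerUser, dockerPass := e.GetEdgeboxDockerCreds()
+existingCreds := cloudcommon.RegistryAuth{}
+existingCreds.AuthType = cloudcommon.BasicAuth
+existingCreds.Username = dockerUser
+existingCreds.Password = dockerPass
+urlObj, err := util.ImagePathParse(imgPath)
+if err != nil {
+return nil, err
+}
+hostname := strings.Split(urlObj.Host, ":")
+if len(hostname) < 1 {
+return nil, fmt.Errorf("empty hostname")
+}
+existingCreds.Hostname = hostname[0]
+if len(hostname) > 1 {
+existingCreds.Port = hostname[1]
+}
+return &existingCreds, nil
+}
+
 func (e *EdgeboxPlatform) CreateAppInst(ctx context.Context, clusterInst *edgeproto.ClusterInst, app *edgeproto.App, appInst *edgeproto.AppInst, flavor *edgeproto.Flavor, updateCallback edgeproto.CacheUpdateCallback) error {
 client, err := e.generic.GetClusterPlatformClient(ctx, clusterInst, cloudcommon.ClientTypeRootLB)
 if err != nil {
@@ -34,16 +59,15 @@ func (e *EdgeboxPlatform) CreateAppInst(ctx context.Context, clusterInst *edgepr
 return err
 }
 names.IsUriIPAddr = true
-// Setup secrets only for K8s app. For docker, we already do it as part of edgebox script
-// Use secrets from env-var as we already have console creds, which limits user to access its own org images
-dockerUser, dockerPass := e.GetEdgeboxDockerCreds()
-existingCreds := cloudcommon.RegistryAuth{}
-existingCreds.AuthType = cloudcommon.BasicAuth
-existingCreds.Username = dockerUser
-existingCreds.Password = dockerPass
 if app.Deployment != cloudcommon.DeploymentTypeDocker {
 for _, imagePath := range names.ImagePaths {
-err = infracommon.CreateDockerRegistrySecret(ctx, client, k8smgmt.GetKconfName(clusterInst), imagePath, e.commonPf.PlatformConfig.AccessApi, names, &existingCreds)
+// Setup secrets only for K8s app. For docker, we already do
+// it as part of edgebox script.
+existingCreds, err := e.getDockerCredsFromEnv(imagePath)
+if err != nil {
+return err
+}
+err = infracommon.CreateDockerRegistrySecret(ctx, client, k8smgmt.GetKconfName(clusterInst), imagePath, e.commonPf.PlatformConfig.AccessApi, names, existingCreds)
 if err != nil {
 return err
 }
@@ -114,19 +138,19 @@ func (e *EdgeboxPlatform) UpdateAppInst(ctx context.Context, clusterInst *edgepr
 return err
 }
 if app.Deployment == cloudcommon.DeploymentTypeKubernetes || app.Deployment == cloudcommon.DeploymentTypeHelm {
-// Use secrets from env-var as we already have console creds, which limits user to access its own org images
-dockerUser, dockerPass := e.GetEdgeboxDockerCreds()
-existingCreds := cloudcommon.RegistryAuth{}
-existingCreds.Username = dockerUser
-existingCreds.Password = dockerPass
 kconf := k8smgmt.GetKconfName(clusterInst)
 for _, imagePath := range names.ImagePaths {
+// Use secrets from env-var as we already have console creds, which limits user to access its own org images
+existingCreds, err := e.getDockerCredsFromEnv(imagePath)
+if err != nil {
+return err
+}
 // secret may have changed, so delete and re-create
-err = infracommon.DeleteDockerRegistrySecret(ctx, client, kconf, imagePath, e.commonPf.PlatformConfig.AccessApi, names, &existingCreds)
+err = infracommon.DeleteDockerRegistrySecret(ctx, client, kconf, imagePath, e.commonPf.PlatformConfig.AccessApi, names, existingCreds)
 if err != nil {
 return err
 }
-err = infracommon.CreateDockerRegistrySecret(ctx, client, kconf, imagePath, e.commonPf.PlatformConfig.AccessApi, names, &existingCreds)
+err = infracommon.CreateDockerRegistrySecret(ctx, client, kconf, imagePath, e.commonPf.PlatformConfig.AccessApi, names, existingCreds)
 if err != nil {
 return err
 }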
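Review bot: The `len(hostname) < 1` guard in getDockerCredsFromEnv can never fire, because `strings.Split` with a non-empty separator always returns at least one element, so an image path that parses to an empty host still yields credentials with `Hostname == ""`. Check the value instead, e.g. `if hostname[0] == "" { return nil, fmt.Errorf("empty hostname in image path %q", imgPath) }`. Splitting on ":" also mis-parses a bracketed IPv6 registry address; `net.SplitHostPort` (net is already imported) handles that when a port is present. Separately, the helper returns the same console credentials for whatever host the image path names, so it is worth confirming upstream that only the expected registry hosts reach this code; that validation is not visible in this section.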
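--- a/crm-platforms/edgebox/edgebox-cloudlet.go
+++ b/crm-platforms/edgebox/edgebox-cloudlet.go
@@ -32,6 +32,8 @@ func (e *EdgeboxPlatform) CreateCloudlet(ctx context.Context, cloudlet *edgeprot
 
 func (e *EdgeboxPlatform) UpdateCloudlet(ctx context.Context, cloudlet *edgeproto.Cloudlet, updateCallback edgeproto.CacheUpdateCallback) error {
 log.SpanLog(ctx, log.DebugLevelInfra, "update cloudlet for edgebox")
+// Update envvars
+e.commonPf.Properties.UpdatePropsFromVars(ctx, cloudlet.EnvVar)
 return nil
 }
 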
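Review bot: The added comment `// Update envvars` only restates the call and does not say why UpdateCloudlet now needs it. Given the rest of this commit, the properties presumably include the registry credentials that GetEdgeboxDockerCreds reads, so a comment such as `// Refresh platform properties from the cloudlet env vars so later app instance operations pick up changed registry credentials.` would record the intent. If cloudlet.EnvVar does carry those credentials, it is also worth confirming that UpdatePropsFromVars does not write the values to the span log; that function is not visible here.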
2 changes: 1 addition & 1 deletion infracommon/kubectl.go
Expand Up @@ -88,7 +88,7 @@ func CreateDockerRegistrySecret(ctx context.Context, client ssh.Client, kconf st
// may put multiple apps in the same ClusterInst and they may come
// from different registries.
cmd := fmt.Sprintf("kubectl create secret docker-registry %s "+
"--docker-server=%s --docker-username=%s --docker-password=%s "+
"--docker-server=%s --docker-username='%s' --docker-password='%s' "+
"[email protected] --kubeconfig=%s",
secretName, dockerServer, auth.Username, auth.Password,
kconf)
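Review bot: Single-quoting `--docker-username='%s'` and `--docker-password='%s'` in the format string does not make the values safe for a shell: a value containing `'` ends the quoting, so the command either fails or the remainder is interpreted by whatever shell runs it (presumably through the ssh client). `secretName`, `dockerServer` and `kconf` are still interpolated unquoted. Escape each value before formatting (replace `'` with `'\''` inside the quotes), or keep the secret off the command line entirely by piping a generated secret manifest to `kubectl apply -f -` on stdin if the client supports it. Passing the password as an argument also leaves it visible in the host's process list and in any command logging. CreateDockerRegistrySecret starts and ends outside this hunk.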
