kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean up "create secret dockerconfig"

This commit is contained in:
John Gardiner Myers 2021-07-24 12:25:52 -07:00
parent 0f5dcc2303
commit a4b91dab0d
3 changed files with 50 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
cmd/kops/create_secret_dockerconfig.go
View File

@ -22,39 +22,41 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"os"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"k8s.io/kops/cmd/kops/util" "k8s.io/kops/cmd/kops/util"
"k8s.io/kops/pkg/commands/commandutils"
"k8s.io/kops/upup/pkg/fi" "k8s.io/kops/upup/pkg/fi"
"k8s.io/kubectl/pkg/util/i18n" "k8s.io/kubectl/pkg/util/i18n"
"k8s.io/kubectl/pkg/util/templates" "k8s.io/kubectl/pkg/util/templates"
) )
var ( var (
createSecretDockerconfigLong = templates.LongDesc(i18n.T(` createSecretDockerConfigLong = templates.LongDesc(i18n.T(`
Create a new docker config, and store it in the state store. Create a new Docker config and store it in the state store.
Used to configure docker on each master or node (i.e. for auth) Used to configure Docker authentication on each node.
Use update to modify it, this command will only create a new entry.
After creating a dockerconfig secret, a /root/.docker/config.json file After creating a dockerconfig secret a /root/.docker/config.json file
will be added to newly created nodes. This file will be used by Kubernetes will be added to newly created nodes. This file will be used by Kubernetes
to authenticate to container registries and will also work when using to authenticate to container registries.
containerd as container runtime.`))
createSecretDockerconfigExample = templates.Examples(i18n.T(` This will also work when using containerd as the container runtime.`))
# Create a new docker config.
createSecretDockerConfigExample = templates.Examples(i18n.T(`
# Create a new Docker config.
kops create secret dockerconfig -f /path/to/docker/config.json \ kops create secret dockerconfig -f /path/to/docker/config.json \
--name k8s-cluster.example.com --state s3://my-state-store --name k8s-cluster.example.com --state s3://my-state-store
# Create a docker config via stdin. # Create a docker config via stdin.
generate-docker-config.sh | kops create secret dockerconfig -f - \ generate-docker-config.sh | kops create secret dockerconfig -f - \
--name k8s-cluster.example.com --state s3://my-state-store --name k8s-cluster.example.com --state s3://my-state-store
# Replace an existing docker config secret. # Replace an existing docker config secret.
kops create secret dockerconfig -f /path/to/docker/config.json --force \ kops create secret dockerconfig -f /path/to/docker/config.json --force \
--name k8s-cluster.example.com --state s3://my-state-store --name k8s-cluster.example.com --state s3://my-state-store
`)) `))
createSecretDockerconfigShort = i18n.T(`Create a docker config.`) createSecretDockerConfigShort = i18n.T(`Create a Docker config.`)
) )
type CreateSecretDockerConfigOptions struct { type CreateSecretDockerConfigOptions struct {
@ -67,46 +69,28 @@ func NewCmdCreateSecretDockerConfig(f *util.Factory, out io.Writer) *cobra.Comma
options := &CreateSecretDockerConfigOptions{} options := &CreateSecretDockerConfigOptions{}
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "dockerconfig", Use: "dockerconfig [CLUSTER] -f FILENAME",
Short: createSecretDockerconfigShort, Short: createSecretDockerConfigShort,
Long: createSecretDockerconfigLong, Long: createSecretDockerConfigLong,
Example: createSecretDockerconfigExample, Example: createSecretDockerConfigExample,
Run: func(cmd *cobra.Command, args []string) { Args: rootCommand.clusterNameArgs(&options.ClusterName),
ctx := context.TODO() ValidArgsFunction: commandutils.CompleteClusterName(&rootCommand, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
if len(args) != 0 { return RunCreateSecretDockerConfig(context.TODO(), f, out, options)
exitWithError(fmt.Errorf("syntax: -f <DockerConfigPath>"))
}
err := rootCommand.ProcessArgs(args[0:])
if err != nil {
exitWithError(err)
}
options.ClusterName = rootCommand.ClusterName(true)
err = RunCreateSecretDockerConfig(ctx, f, os.Stdout, options)
if err != nil {
exitWithError(err)
}
}, },
} }
cmd.Flags().StringVarP(&options.DockerConfigPath, "", "f", "", "Path to docker config JSON file") cmd.Flags().StringVarP(&options.DockerConfigPath, "filename", "f", "", "Path to Docker config JSON file")
cmd.Flags().BoolVar(&options.Force, "force", options.Force, "Force replace the kOps secret if it already exists") cmd.MarkFlagRequired("filename")
cmd.RegisterFlagCompletionFunc("filename", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return []string{"json"}, cobra.ShellCompDirectiveFilterFileExt
})
cmd.Flags().BoolVar(&options.Force, "force", options.Force, "Force replace the secret if it already exists")
return cmd return cmd
} }
func RunCreateSecretDockerConfig(ctx context.Context, f *util.Factory, out io.Writer, options *CreateSecretDockerConfigOptions) error { func RunCreateSecretDockerConfig(ctx context.Context, f *util.Factory, out io.Writer, options *CreateSecretDockerConfigOptions) error {
if options.DockerConfigPath == "" {
return fmt.Errorf("docker config path is required (use -f)")
}
secret, err := fi.CreateSecret()
if err != nil {
return fmt.Errorf("error creating docker config secret: %v", err)
}
cluster, err := GetCluster(ctx, f, options.ClusterName) cluster, err := GetCluster(ctx, f, options.ClusterName)
if err != nil { if err != nil {
return err return err
@ -121,39 +105,42 @@ func RunCreateSecretDockerConfig(ctx context.Context, f *util.Factory, out io.Wr
if err != nil { if err != nil {
return err return err
} }
var data []byte var data []byte
if options.DockerConfigPath == "-" { if options.DockerConfigPath == "-" {
data, err = ConsumeStdin() data, err = ConsumeStdin()
if err != nil { if err != nil {
return fmt.Errorf("error reading docker config from stdin: %v", err) return fmt.Errorf("reading Docker config from stdin: %v", err)
} }
} else { } else {
data, err = ioutil.ReadFile(options.DockerConfigPath) data, err = ioutil.ReadFile(options.DockerConfigPath)
if err != nil { if err != nil {
return fmt.Errorf("error reading docker config %v: %v", options.DockerConfigPath, err) return fmt.Errorf("reading Docker config %v: %v", options.DockerConfigPath, err)
} }
} }
var parsedData map[string]interface{} var parsedData map[string]interface{}
err = json.Unmarshal(data, &parsedData) err = json.Unmarshal(data, &parsedData)
if err != nil { if err != nil {
return fmt.Errorf("Unable to parse JSON %v: %v", options.DockerConfigPath, err) return fmt.Errorf("unable to parse JSON %v: %v", options.DockerConfigPath, err)
} }
secret.Data = data secret := &fi.Secret{
Data: data,
}
if !options.Force { if !options.Force {
_, created, err := secretStore.GetOrCreateSecret("dockerconfig", secret) _, created, err := secretStore.GetOrCreateSecret("dockerconfig", secret)
if err != nil { if err != nil {
return fmt.Errorf("error adding dockerconfig secret: %v", err) return fmt.Errorf("adding dockerconfig secret: %v", err)
} }
if !created { if !created {
return fmt.Errorf("failed to create the dockerconfig secret as it already exists. The `--force` flag can be passed to replace an existing secret.") return fmt.Errorf("failed to create the dockerconfig secret as it already exists. Pass the `--force` flag to replace an existing secret")
} }
} else { } else {
_, err := secretStore.ReplaceSecret("dockerconfig", secret) _, err := secretStore.ReplaceSecret("dockerconfig", secret)
if err != nil { if err != nil {
return fmt.Errorf("error updating dockerconfig secret: %v", err) return fmt.Errorf("updating dockerconfig secret: %v", err)
} }
} }

2
docs/cli/kops_create_secret.md generated
View File

@ -36,7 +36,7 @@ Create a secret.
* [kops create](kops_create.md) - Create a resource by command line, filename or stdin. * [kops create](kops_create.md) - Create a resource by command line, filename or stdin.
* [kops create secret ciliumpassword](kops_create_secret_ciliumpassword.md) - Create a Cilium IPsec configuration. * [kops create secret ciliumpassword](kops_create_secret_ciliumpassword.md) - Create a Cilium IPsec configuration.
* [kops create secret dockerconfig](kops_create_secret_dockerconfig.md) - Create a docker config. * [kops create secret dockerconfig](kops_create_secret_dockerconfig.md) - Create a Docker config.
* [kops create secret encryptionconfig](kops_create_secret_encryptionconfig.md) - Create an encryption config. * [kops create secret encryptionconfig](kops_create_secret_encryptionconfig.md) - Create an encryption config.
* [kops create secret weavepassword](kops_create_secret_weavepassword.md) - Create a weave encryption config. * [kops create secret weavepassword](kops_create_secret_weavepassword.md) - Create a weave encryption config.

20
docs/cli/kops_create_secret_dockerconfig.md generated
View File

@ -3,27 +3,31 @@
## kops create secret dockerconfig ## kops create secret dockerconfig
Create a docker config. Create a Docker config.
### Synopsis ### Synopsis
Create a new docker config, and store it in the state store. Used to configure docker on each master or node (i.e. for auth) Use update to modify it, this command will only create a new entry. Create a new Docker config and store it in the state store. Used to configure Docker authentication on each node.
After creating a dockerconfig secret, a /root/.docker/config.json file will be added to newly created nodes. This file will be used by Kubernetes to authenticate to container registries and will also work when using containerd as container runtime. After creating a dockerconfig secret a /root/.docker/config.json file will be added to newly created nodes. This file will be used by Kubernetes to authenticate to container registries.
This will also work when using containerd as the container runtime.
``` ```
kops create secret dockerconfig [flags] kops create secret dockerconfig [CLUSTER] -f FILENAME [flags]
``` ```
### Examples ### Examples
``` ```
# Create a new docker config. # Create a new Docker config.
kops create secret dockerconfig -f /path/to/docker/config.json \ kops create secret dockerconfig -f /path/to/docker/config.json \
--name k8s-cluster.example.com --state s3://my-state-store --name k8s-cluster.example.com --state s3://my-state-store
# Create a docker config via stdin. # Create a docker config via stdin.
generate-docker-config.sh | kops create secret dockerconfig -f - \ generate-docker-config.sh | kops create secret dockerconfig -f - \
--name k8s-cluster.example.com --state s3://my-state-store --name k8s-cluster.example.com --state s3://my-state-store
# Replace an existing docker config secret. # Replace an existing docker config secret.
kops create secret dockerconfig -f /path/to/docker/config.json --force \ kops create secret dockerconfig -f /path/to/docker/config.json --force \
--name k8s-cluster.example.com --state s3://my-state-store --name k8s-cluster.example.com --state s3://my-state-store
@ -32,9 +36,9 @@ kops create secret dockerconfig [flags]
### Options ### Options
``` ```
-f, -- string Path to docker config JSON file -f, --filename string Path to Docker config JSON file
--force Force replace the kOps secret if it already exists --force Force replace the secret if it already exists
-h, --help help for dockerconfig -h, --help help for dockerconfig
``` ```
### Options inherited from parent commands ### Options inherited from parent commands