Mount imageSecrets in the worker pod

2024-09-11 17:37:18 +01:00
parent e37df8247f
commit 610cb3a7d3
8 changed files with 95 additions and 25 deletions
+6 -2
@@ -9,6 +9,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
gnupg2 \
python3-pip \
sudo \
jq \
&& rm -rf /var/lib/apt/lists/*
RUN echo "deb [arch=${TARGETARCH}] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/ /" | tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list \
@@ -30,7 +31,10 @@ RUN adduser --disabled-password --gecos "" --uid 1001 runner \
WORKDIR /home/runner
COPY storage.conf containers.conf registries.conf /home/runner/.config/containers/
COPY requirements.txt export.py cleanup.py s3_utils.py ./
COPY requirements.txt export.py cleanup.py s3_utils.py podman-preauth.sh ./
USER runner
RUN sudo chown -R runner:runner /home/runner/.config \
&& python3 -m pip install --no-cache-dir --only-binary=:all: -r requirements.txt
&& python3 -m pip install --no-cache-dir --only-binary=:all: -r requirements.txt \
&& sudo chmod +x podman-preauth.sh
ENTRYPOINT ["/home/runner/podman-preauth.sh"]
CMD ["bash", "-c"]
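Review bot: The default `CMD ["bash", "-c"]` makes the new entrypoint's `exec "$@"` run `bash -c` with no command string, so a container started without explicit arguments exits with an error right after the registry logins; `CMD ["bash"]` would be a usable default, unless every pod spec is known to supply its own args. The added `&& sudo chmod +x podman-preauth.sh` also extends the build's reliance on sudo for the runner user, in an image whose entrypoint now handles registry credentials. With BuildKit the mode can be set at copy time instead, `COPY --chmod=0755 podman-preauth.sh ./`, which leaves the pip line as the end of the RUN chain.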
+33
@@ -0,0 +1,33 @@
#!/bin/bash
set -e
PODMAN_AUTH_FILE="/home/runner/.config/containers/auth.json"
# Initialize the auth file if it doesn't exist or is empty
mkdir -p $(dirname $PODMAN_AUTH_FILE)
if [ ! -s "$PODMAN_AUTH_FILE" ]; then
echo '{"auths":{}}' > $PODMAN_AUTH_FILE
fi
# Loop through all mounted secret directories
for secret_dir in /home/runner/.docker-secret-*; do
if [ -d "$secret_dir" ]; then
config_file="$secret_dir/.dockerconfigjson"
if [ -f "$config_file" ]; then
# Merge the auth data into the podman auth file
jq -s '.[0].auths * .[1].auths | {auths: .}' $PODMAN_AUTH_FILE $config_file > ${PODMAN_AUTH_FILE}.tmp
mv ${PODMAN_AUTH_FILE}.tmp $PODMAN_AUTH_FILE
# Extract registry, username, and password from the config file
jq -r '.auths | to_entries[] | "\(.key) \(.value.auth)"' $config_file | while read registry auth; do
username=$(echo $auth | base64 -d | cut -d: -f1)
password=$(echo $auth | base64 -d | cut -d: -f2-)
# Perform podman login
podman login --username "$username" --password "$password" "$registry"
echo "podman: Successfully logged into $registry"
done
fi
fi
done
# Run the original command
exec "$@"
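Review bot: `podman login --username "$username" --password "$password" "$registry"` puts each registry password on the command line, where it is readable from the process list for the duration of the call; passing it on stdin avoids that: `printf '%s' "$password" | podman login --username "$username" --password-stdin "$registry"`. The auth file and its `.tmp` sibling are created under the default umask, so a `umask 077` right after `set -e` would keep the merged credentials from being group- or world-readable. `$PODMAN_AUTH_FILE`, `$config_file` and `$auth` are expanded unquoted and `read` lacks `-r`, and an entry without an `auth` field would reach `base64 -d` as the string `null`; quoting the expansions and adding `select(.value.auth != null)` to the jq filter would cover both. If podman in this image already reads the merged auth.json at that path (not visible here), the login loop may be redundant and dropping it would remove the password handling entirely.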