feat(registry): Add support for external registry

Author: Keerthan Reddy Mala

pkg/conf/config.go

@@ -16,6 +16,7 @@ const (
 	gcsKey              = "key.json"
 )
 
+// Parameters is map which contains storage params
 type Parameters map[string]interface{}
 
 // EnvConfig is a convenience function to process the envconfig (
@@ -43,6 +44,7 @@ func GetBuilderKey() (string, error) {
 	return builderKey, nil
 }
 
+// GetStorageParams returns the credentials required for connecting to object storage
 func GetStorageParams(env sys.Env) (Parameters, error) {
 	params := make(map[string]interface{})
 	files, err := ioutil.ReadDir(storageCredLocation)

pkg/controller/utils.go

@@ -27,6 +27,7 @@ type UserInfo struct {
 	Apps        []string
 }
 
+// ControllerURLStr returns the url for connecting to deis controller
 func ControllerURLStr(additionalPath ...string) (string, error) {
 	host := os.Getenv(hostEnvName)
 	port := os.Getenv(portEnvName)

pkg/gitreceive/build.go

@@ -138,8 +138,21 @@ func build(
 
 	var pod *api.Pod
 	var buildPodName string
+	image := appName
 	if usingDockerfile {
 		buildPodName = dockerBuilderPodName(appName, gitSha.Short())
+		registryLocation := conf.RegistryLocation
+		registryEnv := make(map[string]string)
+		if registryLocation != "on-cluster" {
+			registryEnv, err = getRegistryDetails(kubeClient, &image, registryLocation, conf.PodNamespace, conf.RegistrySecretPrefix)
+			if err != nil {
+				return fmt.Errorf("error getting private registry details %s", err)
+			}
+			image = image + ":git-" + gitSha.Short()
+		}
+		registryEnv["DEIS_REGISTRY_PROXY_PORT"] = conf.RegistryProxyPort
+		registryEnv["DEIS_REGISTRY_LOCATION"] = registryLocation
+
 		pod = dockerBuilderPod(
 			conf.Debug,
 			buildPodName,
@@ -149,7 +162,7 @@ func build(
 			slugName,
 			conf.StorageType,
 			conf.DockerBuilderImage,
-			conf.RegistryProxyPort,
+			registryEnv,
 			dockerBuilderImagePullPolicy,
 		)
 	} else {
@@ -244,7 +257,7 @@ func build(
 
 	log.Info("Build complete.")
 
-	buildHook := createBuildHook(slugBuilderInfo, gitSha, conf.Username, appName, procType, usingDockerfile)
+	buildHook := createBuildHook(slugBuilderInfo, gitSha, conf.Username, appName, image, procType, usingDockerfile)
 	quit := progress("...", conf.SessionIdleInterval())
 	log.Info("Launching App...")
 	buildHookResp, err := publishRelease(conf, builderKey, buildHook)

pkg/gitreceive/config.go

@@ -14,10 +14,11 @@ const (
 // builder's git-receive hook.
 type Config struct {
 	// k8s service discovery env vars
-	ControllerHost    string `envconfig:"DEIS_CONTROLLER_SERVICE_HOST" required:"true"`
-	ControllerPort    string `envconfig:"DEIS_CONTROLLER_SERVICE_PORT" required:"true"`
-	RegistryHost      string `envconfig:"DEIS_REGISTRY_SERVICE_HOST" required:"true"`
-	RegistryProxyPort string `envconfig:"DEIS_REGISTRY_PROXY_PORT" default:"5555"`
+	ControllerHost       string `envconfig:"DEIS_CONTROLLER_SERVICE_HOST" required:"true"`
+	ControllerPort       string `envconfig:"DEIS_CONTROLLER_SERVICE_PORT" required:"true"`
+	RegistryProxyPort    string `envconfig:"DEIS_REGISTRY_PROXY_PORT" default:"5555"`
+	RegistryLocation     string `envconfig:"DEIS_REGISTRY_LOCATION" default:"on-cluster"`
+	RegistrySecretPrefix string `envconfig:"DEIS_REGISTRY_SECRET_PREFIX" default:"private-registry"`
 
 	GitHome                       string `envconfig:"GIT_HOME" required:"true"`
 	SSHConnection                 string `envconfig:"SSH_CONNECTION" required:"true"`

pkg/gitreceive/controller.go

@@ -186,15 +186,15 @@ func createBuildHook(
 	slugBuilderInfo *SlugBuilderInfo,
 	gitSha *git.SHA,
 	username,
-	appName string,
+	appName, image string,
 	procType pkg.ProcessType,
 	usingDockerfile bool,
 ) *pkg.BuildHook {
 	ret := &pkg.BuildHook{
 		Sha:         gitSha.Short(),
 		ReceiveUser: username,
 		ReceiveRepo: appName,
-		Image:       appName,
+		Image:       image,
 		Procfile:    procType,
 	}
 	if !usingDockerfile {

pkg/gitreceive/controller_test.go

@@ -22,15 +22,15 @@ func TestCreateBuildHook(t *testing.T) {
 
 	slugName := appName + ":git-" + sha.Short()
 	slugBuilderInfo := NewSlugBuilderInfo(slugName)
-	hookUsingDockerfile := createBuildHook(slugBuilderInfo, sha, username, appName, procType, true)
+	hookUsingDockerfile := createBuildHook(slugBuilderInfo, sha, username, appName, slugName, procType, true)
 	assert.Equal(t, hookUsingDockerfile.Sha, sha.Short(), "git sha")
 	assert.Equal(t, hookUsingDockerfile.ReceiveUser, username, "username")
 	assert.Equal(t, hookUsingDockerfile.ReceiveRepo, appName, "username")
-	assert.Equal(t, hookUsingDockerfile.Image, appName, "image")
+	assert.Equal(t, hookUsingDockerfile.Image, slugName, "image")
 	assert.Equal(t, hookUsingDockerfile.Procfile, procType, "procfile")
 	assert.Equal(t, hookUsingDockerfile.Dockerfile, "true", "dockerfile field")
 
-	hookNoDockerfile := createBuildHook(slugBuilderInfo, sha, username, appName, procType, false)
+	hookNoDockerfile := createBuildHook(slugBuilderInfo, sha, username, appName, slugName, procType, false)
 	assert.Equal(t, hookNoDockerfile.Sha, sha.Short(), "git sha")
 	assert.Equal(t, hookNoDockerfile.ReceiveUser, username, "username")
 	assert.Equal(t, hookNoDockerfile.ReceiveRepo, appName, "username")

pkg/gitreceive/k8s_util.go

@@ -43,7 +43,8 @@ func dockerBuilderPod(
 	tarKey,
 	imageName,
 	storageType,
-	image, registryProxyPort string,
+	image string,
+	registryEnv map[string]string,
 	pullPolicy api.PullPolicy,
 ) *api.Pod {
 
@@ -55,7 +56,10 @@ func dockerBuilderPod(
 	addEnvToPod(pod, tarPath, tarKey)
 	addEnvToPod(pod, "IMG_NAME", imageName)
 	addEnvToPod(pod, builderStorage, storageType)
-	addEnvToPod(pod, "DEIS_REGISTRY_PROXY_PORT", registryProxyPort)
+
+	for key, value := range registryEnv {
+		addEnvToPod(pod, key, value)
+	}
 
 	pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, api.VolumeMount{
 		Name:      dockerSocketName,

pkg/gitreceive/k8s_util_test.go

@@ -121,7 +121,7 @@ func TestBuildPod(t *testing.T) {
 		{true, "test", "default", env, "tar", "img", "customimage", api.PullIfNotPresent, ""},
 		{true, "test", "default", env, "tar", "img", "customimage", api.PullNever, ""},
 	}
-
+	regEnv := map[string]string{"REG_LOC": "on-cluster"}
 	for _, build := range dockerBuilds {
 		pod = dockerBuilderPod(
 			build.debug,
@@ -132,7 +132,7 @@ func TestBuildPod(t *testing.T) {
 			build.imgName,
 			build.storageType,
 			build.dockerBuilderImage,
-			"5555",
+			regEnv,
 			build.dockerBuilderImagePullPolicy,
 		)
 
@@ -145,6 +145,7 @@ func TestBuildPod(t *testing.T) {
 
 		checkForEnv(t, pod, "TAR_PATH", build.tarKey)
 		checkForEnv(t, pod, "IMG_NAME", build.imgName)
+		checkForEnv(t, pod, "REG_LOC", "on-cluster")
 		if build.dockerBuilderImage != "" {
 			if pod.Spec.Containers[0].Image != build.dockerBuilderImage {
 				t.Errorf("expected %v but returned %v", build.dockerBuilderImage, pod.Spec.Containers[0].Image)

pkg/gitreceive/registry.go

@@ -0,0 +1,126 @@
+package gitreceive
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"strings"
+
+	"github.com/deis/builder/pkg/k8s"
+	"github.com/deis/builder/pkg/storage"
+	"k8s.io/kubernetes/pkg/api"
+	client "k8s.io/kubernetes/pkg/client/unversioned"
+)
+
+const (
+	registrySecret = "registry-secret"
+)
+
+func getDetailsFromRegistrySecret(secretGetter k8s.SecretGetter, secret string) (map[string]string, error) {
+	regSecret, err := secretGetter.Get(secret)
+	if err != nil {
+		return nil, err
+	}
+	regDetails := make(map[string]string)
+	for key, value := range regSecret.Data {
+		regDetails[key] = string(value)
+	}
+	return regDetails, nil
+}
+
+func getDetailsFromDockerConfigSecret(secretGetter k8s.SecretGetter, secret string) (map[string]string, error) {
+	configSecret, err := secretGetter.Get(secret)
+	if err != nil {
+		return nil, err
+	}
+	dockerConfigJSONBytes := configSecret.Data[api.DockerConfigJsonKey]
+	var secretData map[string]interface{}
+	if err = json.Unmarshal(dockerConfigJSONBytes, &secretData); err != nil {
+		return nil, err
+	}
+
+	var authdata map[string]interface{}
+	var hostname string
+	for key, value := range secretData["auths"].(map[string]interface{}) {
+		hostname = key
+		authdata = value.(map[string]interface{})
+	}
+	token := authdata["auth"].(string)
+	decodedToken, err := base64.StdEncoding.DecodeString(token)
+	if err != nil {
+		return nil, err
+	}
+	parts := strings.SplitN(string(decodedToken), ":", 2)
+	if len(parts) != 2 {
+		return nil, errors.New("Invalid token in docker config secret")
+	}
+	user := parts[0]
+	password := parts[1]
+	regDetails := make(map[string]string)
+	regDetails["DEIS_REGISTRY_USERNAME"] = user
+	regDetails["DEIS_REGISTRY_PASSWORD"] = password
+	regDetails["DEIS_REGISTRY_HOSTNAME"] = hostname
+	return regDetails, nil
+}
+
+func getRegistryDetails(kubeClient client.SecretsNamespacer, image *string, registryLocation, namespace, registrySecretPrefix string) (map[string]string, error) {
+	registryConfigSecretInterface := kubeClient.Secrets(*image)
+	privateRegistrySecretInterface := kubeClient.Secrets(namespace)
+	registryEnv := make(map[string]string)
+	var regSecretData map[string]string
+	var err error
+	if registryLocation == "off-cluster" {
+		regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
+		if err != nil {
+			return nil, err
+		}
+		for key, value := range regSecretData {
+			registryEnv["DEIS_REGISTRY_"+strings.ToUpper(key)] = value
+		}
+		if registryEnv["DEIS_REGISTRY_ORGANIZATION"] != "" {
+			*image = registryEnv["DEIS_REGISTRY_ORGANIZATION"] + "/" + *image
+		}
+		if registryEnv["DEIS_REGISTRY_HOSTNAME"] != "" {
+			*image = registryEnv["DEIS_REGISTRY_HOSTNAME"] + "/" + *image
+		}
+	} else if registryLocation == "ecr" {
+		registryEnv, err = getDetailsFromDockerConfigSecret(registryConfigSecretInterface, registrySecretPrefix+"-"+registryLocation)
+		if err != nil {
+			return nil, err
+		}
+
+		regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
+		if err != nil {
+			return nil, err
+		}
+		err = storage.CreateImageRepo(*image, regSecretData)
+		if err != nil {
+			return nil, err
+		}
+		hostname := strings.Replace(registryEnv["DEIS_REGISTRY_HOSTNAME"], "https://", "", 1)
+		*image = hostname + "/" + *image
+
+	} else if registryLocation == "gcr" {
+		registryEnv, err = getDetailsFromDockerConfigSecret(registryConfigSecretInterface, registrySecretPrefix+"-"+registryLocation)
+		if err != nil {
+			return nil, err
+		}
+
+		regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
+		if err != nil {
+			return nil, err
+		}
+		var key struct {
+			ProjectID string `json:"project_id"`
+		}
+		jsonKey := []byte(regSecretData["key.json"])
+		if err := json.Unmarshal(jsonKey, &key); err != nil {
+			return nil, err
+		}
+		hostname := strings.Replace(registryEnv["DEIS_REGISTRY_HOSTNAME"], "https://", "", 1)
+		projectID := strings.Replace(key.ProjectID, ":", "/", -1)
+		registryEnv["DEIS_REGISTRY_GCS_PROJ_ID"] = projectID
+		*image = strings.Replace(hostname, "https://", "", 1) + "/" + projectID + "/" + *image
+	}
+	return registryEnv, nil
+}