Add docker private registry support (#42)

* Fix to the README local developement section build instruction

* Update to makefile with a specific local development binary target (auto detect developer OS), a specific docker image binary target, and docker build arguments for internal proxy. Fix to the README with deprecated infos.

* Implementation for the private docker registry support

* Update to README with instructions on running with Docker Private Registry

* Update to tests with docker private registry support

* Revert multiple binaries generation in makefile

* Combine all const in the same block

.gitignore

@@ -1 +1 @@
-registry-creds
+bin/

Dockerfile

@@ -4,6 +4,6 @@ MAINTAINER Steve Sloka <[email protected]>
 RUN apk add --update ca-certificates && \
   rm -rf /var/cache/apk/*
 
-ADD registry-creds registry-creds
+COPY registry-creds registry-creds
 
 ENTRYPOINT ["/registry-creds"]

Makefile

@@ -2,24 +2,45 @@
 # MAINTAINER: Steve Sloka <[email protected]>
 # If you update this image please bump the tag value before pushing.
 
-.PHONY: all binary container push clean test
-
 TAG = 1.6
 PREFIX = upmcenterprises
 
+BIN = registry-creds
+
+# docker build arguments for internal proxy
+ifneq ($(http_proxy),)
+HTTP_PROXY_BUILD_ARG=--build-arg http_proxy=$(http_proxy)
+else
+HTTP_PROXY_BUILD_ARG=
+endif
+
+ifneq ($(https_proxy),)
+HTTPS_PROXY_BUILD_ARG=--build-arg https_proxy=$(https_proxy)
+else
+HTTPS_PROXY_BUILD_ARG=
+endif
+
+.PHONY: all
 all: container
 
+.PHONY: build
 build: main.go
-	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a -installsuffix cgo -o registry-creds --ldflags '-w' ./main.go
+	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a -installsuffix cgo -o $(BIN) --ldflags '-w' $<
 
+.PHONY: container
 container: build
-	docker build -t $(PREFIX)/registry-creds:$(TAG) .
+	docker build -t $(PREFIX)/$(BIN):$(TAG) \
+		$(HTTP_PROXY_BUILD_ARG) \
+		$(HTTPS_PROXY_BUILD_ARG) .
 
+.PHONY: push
 push:
-	docker push $(PREFIX)/registry-creds:$(TAG)
+	docker push $(PREFIX)/$(BIN):$(TAG)
 
+.PHONY: clean
 clean:
-	rm -f registry-creds
+	rm -f $(BIN)
 
+.PHONY: test
 test: clean
 	go test -v $(go list ./... | grep -v vendor)

README.md

@@ -1,5 +1,6 @@
 # Registry Credentials
-Allow for Registry credentials to be refreshed inside your Kubernetes cluster via ImagePullSecrets
+
+Allow for Registry credentials to be refreshed inside your Kubernetes cluster via `ImagePullSecrets`.
 
 ## How it works
 
@@ -9,89 +10,119 @@ Allow for Registry credentials to be refreshed inside your Kubernetes cluster vi
 - Then it sets up this secret to be used in the `ImagePullSecrets` for the default service account
 - Whenever a pod is created, this secret is attached to the pod
 - The container will refresh the credentials by default every 60 minutes
-- Enabled for use with Minikube as an addon (https://github.com/kubernetes/minikube#add-ons)
+- Enabled for use with Minikube as an [addon](https://github.com/kubernetes/minikube#add-ons)
 
-_NOTE: This will setup credentials across ALL namespaces!_
+> **NOTE:** This will setup credentials across ALL namespaces!
 
 ## Parameters
 
 The following parameters are driven via Environment variables.
 
 - Environment Variables:
-  - AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY: Credentials to access AWS
-  - awsaccount: AWS Account Id 
-  - awsregion: (optional) Can override the default aws region by setting this variable. Note: The region can also be specified as an arg to the binary.  
+  - AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY: Credentials to access AWS.
+  - awsaccount: AWS Account Id.
+  - awsregion: (optional) Can override the default AWS region by setting this variable.
+    > **Note:** The region can also be specified as an arg to the binary.  
 
 ## How to setup running in AWS
 
 1. Clone the repo and navigate to directory
 
-2a. If running on AWS EC2, make sure your EC2 instances have the following IAM permissions:
+2. Configure
+
+   1. If running on AWS EC2, make sure your EC2 instances have the following IAM permissions:
+
+      ```json
+      {
+       "Effect": "Allow",
+        "Action": [
+         "ecr:GetAuthorizationToken",
+         "ecr:BatchCheckLayerAvailability",
+         "ecr:GetDownloadUrlForLayer",
+         "ecr:GetRepositoryPolicy",
+         "ecr:DescribeRepositories",
+         "ecr:ListImages",
+         "ecr:BatchGetImage"
+       ],
+       "Resource": "*"
+      }
+      ```
+
+   2. If you are not running in AWS Cloud, then you can still use this tool! Edit & create the sample [secret](k8s/secret.yaml) and update values for `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `aws-account`, and `aws-region` (base64 encoded).
+
+      ```bash
+      echo -n "secret-key" | base64
+
+      kubectl create -f k8s/secret.yaml
+      ```
+
+3. Create the replication controller.
+
+   ```bash
+   kubectl create -f k8s/replicationController.yaml
+   ```
+
+   > **NOTE:** If running on premise, no need to provide `AWS_ACCESS_KEY_ID` or `AWS_SECRET_ACCESS_KEY` since that will come from the EC2 instance.
+
+4. Use `awsecr-cred` for name of `imagePullSecrets` on your `deployment.yaml` file.
+
+## How to setup running in GCR
 
-  ```json
-  {
-   "Effect": "Allow",
-    "Action": [
-     "ecr:GetAuthorizationToken",
-     "ecr:BatchCheckLayerAvailability",
-     "ecr:GetDownloadUrlForLayer",
-     "ecr:GetRepositoryPolicy",
-     "ecr:DescribeRepositories",
-     "ecr:ListImages",
-     "ecr:BatchGetImage"
-   ],
-   "Resource": "*"
-  }
-  ```
+1. Clone the repo and navigate to directory
 
-2b. If you are not running in AWS Cloud, then you can still use this tool! Edit & create the sample [secret](k8s/secret.yaml) and update values for AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS Account Id (base64 encoded)
+2. Input your `application_default_credentials.json` information into the `secret.yaml` template located [here](k8s/secret.yaml#L17):
+The value for `application_default_credentials.json` can be obtained with the following command:
 
-```bash
-echo -n "secret-key" | base64
+   ```bash
+   base64 -w 0 $HOME/.config/gcloud/application_default_credentials.json
+   ```
 
-kubectl create -f k8s/secret.yaml
-```
+3. Create the secret in kubernetes
 
-3. Create the replication controller. NOTE: If running on prem, no need to provide AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY since that will come from the EC2 instance.
+   ```bash
+   kubectl create -f k8s/secret.yml
+   ```
 
-  ```bash
-  kubectl create -f k8s/replicationController.yaml
-  ```
-4. Use awsecr-cred for name of imagePullSecrets on your deployment.yaml file.
+4. Create the replication controller:
 
-## How to setup running in GCR
+   ```bash
+   kubectl create -f k8s/replicationController.yaml
+   ```
+
+## How to setup running in Docker Private Registry
 
 1. Clone the repo and navigate to directory
 
-2. Input your application_default_credentials.json information into the secret.yaml template located [here](k8s/secret.yaml#L17):
-The value for application_default_credentials.json can be obtained with the following command:
-```bash
-base64 -w $HOME/.config/gcloud/application_default_credentials.json
-```
+2. Edit the sample [secret](k8s/secret.yaml) and update values for `DOCKER_PRIVATE_REGISTRY_SERVER`, `DOCKER_PRIVATE_REGISTRY_USER`, and `DOCKER_PRIVATE_REGISTRY_PASSWORD` (base64 encoded).
+
+   ```bash
+   echo -n "secret-key" | base64
+   ```
 
 3. Create the secret in kubernetes
-```bash
-kubectl create -f k8s/secret.yml
-```
 
-3. Create the replication controller:
+   ```bash
+   kubectl create -f k8s/secret.yml
+   ```
+
+4. Create the replication controller:
 
-```bash
-kubectl create -f k8s/replicationController.yaml
-```
+   ```bash
+   kubectl create -f k8s/replicationController.yaml
+   ```
 
 ## DockerHub Image
 
-- https://hub.docker.com/r/upmcenterprises/awsecr-creds/
+- [upmcenterprises/registry-creds](https://hub.docker.com/r/upmcenterprises/registry-creds/)
 
 ## Developing Locally
 
 If you want to hack on this project:
 
 1. Clone the repo
-2. Build: `make binary`
+2. Build: `make build`
 3. Test: `make test`
-4. Run on your machine: ` go run ./main.go --kubecfg-file=<pathToKubecfgFile> --use-kubernetes-cluster-service=false
+4. Run on your machine: `go run ./main.go --kubecfg-file=<pathToKubecfgFile>`
 
 ## About
 

k8s/replicationController.yaml

@@ -41,6 +41,21 @@ spec:
               secretKeyRef:
                 name: registry-creds-ecr
                 key: aws-region
+          - name: DOCKER_PRIVATE_REGISTRY_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: registry-creds-dpr
+                key: DOCKER_PRIVATE_REGISTRY_PASSWORD
+          - name: DOCKER_PRIVATE_REGISTRY_SERVER
+            valueFrom:
+              secretKeyRef:
+                name: registry-creds-dpr
+                key: DOCKER_PRIVATE_REGISTRY_SERVER
+          - name: DOCKER_PRIVATE_REGISTRY_USER
+            valueFrom:
+              secretKeyRef:
+                name: registry-creds-dpr
+                key: DOCKER_PRIVATE_REGISTRY_USER
         volumeMounts:
         - name: gcr-creds
           mountPath: "/root/.config/gcloud"

k8s/secret.yaml

@@ -1,3 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-creds-dpr
+  namespace: kube-system
+  labels:
+    app: registry-creds
+    kubernetes.io/minikube-addons: registry-creds
+    cloud: private
+data:
+  DOCKER_PRIVATE_REGISTRY_SERVER: Y2hhbmdlbWU=
+  DOCKER_PRIVATE_REGISTRY_USER: Y2hhbmdlbWU=
+  DOCKER_PRIVATE_REGISTRY_PASSWORD: Y2hhbmdlbWU=
+type: Opaque
+
+---
+
 apiVersion: v1
 kind: Secret
 metadata: