docker.go 2.07 KB
package secrets

import (
	"context"
	"encoding/json"
	"fmt"
	"sync"

	"github.com/ai-dynamo/dynamo/deploy/cloud/operator/internal/common"
	corev1 "k8s.io/api/core/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"
)

// DockerSecretIndexer holds an in-memory lookup from namespace and registry
// host to the names of secrets carrying an entry for that registry. Only
// names are stored in the index; fetching the referenced secrets is left to
// the consumer.
type DockerSecretIndexer struct {
	// client is used to list secrets when the index is rebuilt.
	client client.Client

	// mu guards secrets: writers replace the whole map under Lock, readers
	// look it up under RLock.
	mu sync.RWMutex
	// secrets maps namespace -> docker registry host -> secret names.
	secrets map[string]map[string][]string
}

// NewDockerSecretIndexer returns an indexer that lists secrets through client.
// The index starts out empty; lookups return no names until RefreshIndex has
// completed successfully at least once.
func NewDockerSecretIndexer(client client.Client) *DockerSecretIndexer {
	indexer := new(DockerSecretIndexer)
	indexer.client = client
	indexer.secrets = map[string]map[string][]string{}
	return indexer
}

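// RefreshIndex rebuilds the namespace -> registry host -> secret names index
// from the secrets returned by the client and publishes it under the write
// lock. Only secrets of type corev1.SecretTypeDockerConfigJson are indexed,
// and only their names are retained; the decoded credentials are discarded
// once the registry keys have been read.
//
// It returns an error if the listing fails, if a docker config payload cannot
// be decoded, or if a registry key cannot be reduced to a host. On error the
// previously published index is left untouched.
func (i *DockerSecretIndexer) RefreshIndex(ctx context.Context) error {
	// No ListOption is passed, so the listing is not narrowed to a single
	// namespace here; results are bucketed by each secret's own namespace.
	secrets := &corev1.SecretList{}
	if err := i.client.List(ctx, secrets); err != nil {
		return fmt.Errorf("unable to list secrets: %w", err)
	}

	tmpSecrets := make(map[string]map[string][]string)
	for idx := range secrets.Items {
		secret := &secrets.Items[idx]
		if secret.Type != corev1.SecretTypeDockerConfigJson {
			continue
		}

		// Only the keys of "auths" (the registry addresses) are needed.
		dockerConfig := &struct {
			Auths map[string]any `json:"auths"`
		}{}
		// NOTE(review): a single secret with an undecodable payload or an
		// unparsable registry key aborts the refresh for every namespace and
		// leaves the old index in place. If secrets can be written by parties
		// other than the operator's owner, consider skipping and reporting the
		// offending secret instead — confirm against how callers handle the error.
		if err := json.Unmarshal(secret.Data[corev1.DockerConfigJsonKey], dockerConfig); err != nil {
			return fmt.Errorf("unable to unmarshal docker config json for secret %s: %w", secret.Name, err)
		}

		byRegistry, ok := tmpSecrets[secret.Namespace]
		if !ok {
			byRegistry = make(map[string][]string)
			tmpSecrets[secret.Namespace] = byRegistry
		}

		// Several auth keys of one secret may reduce to the same host; record
		// the secret once per host so lookups do not return duplicate names.
		seen := make(map[string]struct{}, len(dockerConfig.Auths))
		for auth := range dockerConfig.Auths {
			registry, err := common.GetHost(auth)
			if err != nil {
				return fmt.Errorf("unable to get host for registry %s for secret %s: %w", auth, secret.Name, err)
			}
			if _, dup := seen[registry]; dup {
				continue
			}
			seen[registry] = struct{}{}
			byRegistry[registry] = append(byRegistry[registry], secret.Name)
		}
	}

	// Build-then-swap: readers never observe a half-built index.
	i.mu.Lock()
	defer i.mu.Unlock()
	i.secrets = tmpSecrets
	return nil
}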

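// GetSecrets returns the names of the indexed secrets in namespace that carry
// an entry for registry. The registry argument is reduced to a host with
// common.GetHost before the lookup, and an error from that step is returned
// unchanged. A nil slice is returned when nothing is indexed for the pair.
//
// The result reflects the index as of the last successful RefreshIndex; it is
// a copy, so callers may sort or append to it without affecting the shared
// index or other callers.
func (i *DockerSecretIndexer) GetSecrets(namespace, registry string) ([]string, error) {
	host, err := common.GetHost(registry)
	if err != nil {
		return nil, err
	}

	i.mu.RLock()
	defer i.mu.RUnlock()

	names := i.secrets[namespace][host]
	if len(names) == 0 {
		return nil, nil
	}
	// Hand out a copy: the indexed slice is shared by every reader and is only
	// protected while the read lock is held.
	return append([]string(nil), names...), nil
}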