diff --git a/pkg/skaffold/build/cluster/pod.go b/pkg/skaffold/build/cluster/pod.go index 1932d7e890c..75d329dd2f3 100644 --- a/pkg/skaffold/build/cluster/pod.go +++ b/pkg/skaffold/build/cluster/pod.go @@ -95,6 +95,13 @@ func (b *Builder) kanikoPodSpec(artifact *latest.KanikoArtifact, tag string, pla addSecretVolume(pod, kaniko.DefaultSecretName, b.ClusterDetails.PullSecretMountPath, b.ClusterDetails.PullSecretName) } + // Add secret for pulling kaniko images from a private registry + if artifact.ImagePullSecret != "" { + pod.Spec.ImagePullSecrets = []v1.LocalObjectReference{{ + Name: artifact.ImagePullSecret, + }} + } + // Add host path volume for cache if artifact.Cache != nil && artifact.Cache.HostPath != "" { addHostPathVolume(pod, kaniko.DefaultCacheDirName, kaniko.DefaultCacheDirMountPath, artifact.Cache.HostPath) diff --git a/pkg/skaffold/build/cluster/pod_test.go b/pkg/skaffold/build/cluster/pod_test.go index 70d16d410f0..9539614324d 100644 --- a/pkg/skaffold/build/cluster/pod_test.go +++ b/pkg/skaffold/build/cluster/pod_test.go @@ -181,9 +181,10 @@ func TestKanikoArgs(t *testing.T) { func TestKanikoPodSpec(t *testing.T) { artifact := &latest.KanikoArtifact{ - Image: "image", - DockerfilePath: "Dockerfile", - InitImage: "init/image", + Image: "image", + DockerfilePath: "Dockerfile", + InitImage: "init/image", + ImagePullSecret: "image-pull-secret", Destination: []string{ "gcr.io/foo/bar:test-1", "gcr.io/foo/bar:test-2", @@ -353,6 +354,9 @@ func TestKanikoPodSpec(t *testing.T) { }, }, }}, + ImagePullSecrets: []v1.LocalObjectReference{{ + Name: "image-pull-secret", + }}, ServiceAccountName: "aVerySpecialSA", SecurityContext: &v1.PodSecurityContext{ RunAsUser: &runAsUser, diff --git a/pkg/skaffold/schema/latest/config.go b/pkg/skaffold/schema/latest/config.go index 860efb7f673..0ab52a742ca 100644 --- a/pkg/skaffold/schema/latest/config.go +++ b/pkg/skaffold/schema/latest/config.go @@ -1465,6 +1465,9 @@ type KanikoArtifact struct { // Defaults to the latest released version of `gcr.io/kaniko-project/executor`. Image string `yaml:"image,omitempty"` + // ImagePullSecret is the name of the Kubernetes secret for pulling kaniko image and kaniko init image from a private registry + ImagePullSecret string `yaml:"imagePullSecret,omitempty"` + // Destination is additional tags to push. Destination []string `yaml:"destination,omitempty"`