From 0cf18cef32cb79dcc25410a21f406c370d4d7396 Mon Sep 17 00:00:00 2001 From: dherges Date: Sat, 21 Dec 2024 13:58:39 +0100 Subject: [PATCH 1/3] feat: add config option kaniko.imagePullSecret --- pkg/skaffold/schema/latest/config.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/skaffold/schema/latest/config.go b/pkg/skaffold/schema/latest/config.go index 860efb7f673..0ab52a742ca 100644 --- a/pkg/skaffold/schema/latest/config.go +++ b/pkg/skaffold/schema/latest/config.go @@ -1465,6 +1465,9 @@ type KanikoArtifact struct { // Defaults to the latest released version of `gcr.io/kaniko-project/executor`. Image string `yaml:"image,omitempty"` + // ImagePullSecret is the name of the Kubernetes secret for pulling kaniko image and kaniko init image from a private registry + ImagePullSecret string `yaml:"imagePullSecret,omitempty"` + // Destination is additional tags to push. Destination []string `yaml:"destination,omitempty"` From 6f5fe9ea9572b5570b1ddab1b8d08cb1308f9aaa Mon Sep 17 00:00:00 2001 From: dherges Date: Sat, 21 Dec 2024 13:58:39 +0100 Subject: [PATCH 2/3] feat: pull kaniko images from private registry w/ pull secret --- pkg/skaffold/build/cluster/pod.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/skaffold/build/cluster/pod.go b/pkg/skaffold/build/cluster/pod.go index 1932d7e890c..75d329dd2f3 100644 --- a/pkg/skaffold/build/cluster/pod.go +++ b/pkg/skaffold/build/cluster/pod.go @@ -95,6 +95,13 @@ func (b *Builder) kanikoPodSpec(artifact *latest.KanikoArtifact, tag string, pla addSecretVolume(pod, kaniko.DefaultSecretName, b.ClusterDetails.PullSecretMountPath, b.ClusterDetails.PullSecretName) } + // Add secret for pulling kaniko images from a private registry + if artifact.ImagePullSecret != "" { + pod.Spec.ImagePullSecrets = []v1.LocalObjectReference{{ + Name: artifact.ImagePullSecret, + }} + } + // Add host path volume for cache if artifact.Cache != nil && artifact.Cache.HostPath != "" { addHostPathVolume(pod, kaniko.DefaultCacheDirName, kaniko.DefaultCacheDirMountPath, artifact.Cache.HostPath) From ad284346098a9c997f94420ddf2ff50a8b020dc0 Mon Sep 17 00:00:00 2001 From: dherges Date: Sat, 21 Dec 2024 13:58:40 +0100 Subject: [PATCH 3/3] test: verify pod spec for kaniko.imagePullSecret --- pkg/skaffold/build/cluster/pod_test.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkg/skaffold/build/cluster/pod_test.go b/pkg/skaffold/build/cluster/pod_test.go index 70d16d410f0..9539614324d 100644 --- a/pkg/skaffold/build/cluster/pod_test.go +++ b/pkg/skaffold/build/cluster/pod_test.go @@ -181,9 +181,10 @@ func TestKanikoArgs(t *testing.T) { func TestKanikoPodSpec(t *testing.T) { artifact := &latest.KanikoArtifact{ - Image: "image", - DockerfilePath: "Dockerfile", - InitImage: "init/image", + Image: "image", + DockerfilePath: "Dockerfile", + InitImage: "init/image", + ImagePullSecret: "image-pull-secret", Destination: []string{ "gcr.io/foo/bar:test-1", "gcr.io/foo/bar:test-2", @@ -353,6 +354,9 @@ func TestKanikoPodSpec(t *testing.T) { }, }, }}, + ImagePullSecrets: []v1.LocalObjectReference{{ + Name: "image-pull-secret", + }}, ServiceAccountName: "aVerySpecialSA", SecurityContext: &v1.PodSecurityContext{ RunAsUser: &runAsUser,