From 975ec2327fa7caaa043d3206fd044ef140fd9fa9 Mon Sep 17 00:00:00 2001
From: Evgheni Poleacov
Date: Wed, 23 Oct 2024 22:02:51 +0300
Subject: [PATCH] local registry kyverno policy and auto creation
---
 go.mod | 2 +-
 internal/engine/engine.go | 289 +--------------------------
 internal/environment/environment.go | 9 +
 internal/environment/kind.go | 4 -
 internal/namespace/namespace.go | 2 +-
 internal/policy/kyverno.go | 166 ++++++++++++++++
 internal/policy/policy.go | 35 ++++
 internal/provider/load.go | 12 +-
 internal/registry/local.go | 88 ++++++---
 internal/registry/registry.go | 6 +-
 10 files changed, 289 insertions(+), 324 deletions(-)
 create mode 100644 internal/policy/kyverno.go
 create mode 100644 internal/policy/policy.go
diff --git a/go.mod b/go.mod
index 2af98a4..a6b0ad9 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.21.4
 require (
 github.com/Masterminds/semver/v3 v3.2.1
 github.com/docker/docker v24.0.7+incompatible
+ github.com/go-logr/logr v1.4.1
 github.com/pkg/errors v0.9.1
 go.uber.org/zap v1.26.0
 gopkg.in/yaml.v3 v3.0.1
@@ -63,7 +64,6 @@ require (
 github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 github.com/go-errors/errors v1.4.2 // indirect
 github.com/go-gorp/gorp/v3 v3.1.0 // indirect
- github.com/go-logr/logr v1.4.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
 github.com/go-openapi/jsonreference v0.20.2 // indirect
diff --git a/internal/engine/engine.go b/internal/engine/engine.go
index d0e9957..2d5a314 100644
--- a/internal/engine/engine.go
+++ b/internal/engine/engine.go
@@ -2,7 +2,6 @@ package engine
 import (
 "context"
- b64 "encoding/base64"
 "fmt"
 "net/url"
 "strings"
@@ -13,43 +12,18 @@ import (
 "github.com/web-seven/overlock/internal/install"
 "github.com/web-seven/overlock/internal/install/helm"
 "github.com/web-seven/overlock/internal/namespace"
- "gopkg.in/yaml.v3"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/types"
 "k8s.io/client-go/rest"
 "go.uber.org/zap"
- corev1 "k8s.io/api/core/v1"
- rbacv1 "k8s.io/api/rbac/v1"
- extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
- "sigs.k8s.io/controller-runtime/pkg/builder"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
- "sigs.k8s.io/controller-runtime/pkg/event"
- "sigs.k8s.io/controller-runtime/pkg/manager"
- "sigs.k8s.io/controller-runtime/pkg/predicate"
- "sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
-type SecretReconciler struct {
- serverIP string
- client.Client
- context.CancelFunc
-}
-
 const (
- RepoUrl = "https://charts.crossplane.io/stable"
- ChartName = "crossplane"
- ReleaseName = "overlock-crossplane"
- Version = "1.15.2"
- kindClusterRole = "ClusterRole"
- ProviderConfigName = "overlock-kubernetes-provider-config"
- helmProviderConfigName = "overlock-helm-provider-config"
- aggregateToAdmin = "rbac.crossplane.io/aggregate-to-admin"
- trueVal = "true"
- errParsePackageName = "package name is not valid"
+ RepoUrl = "https://charts.crossplane.io/stable"
+ ChartName = "crossplane"
+ ReleaseName = "overlock-crossplane"
+ Version = "1.17.1"
+ trueVal = "true"
+ errParsePackageName = "package name is not valid"
 )
 var (
@@ -148,257 +122,6 @@ func ManagedSelector(m map[string]string) string { return strings.Join(selectors, ",") } -// Setup Kubernetes provider which has crossplane admin aggregation role assigned -func SetupPrivilegedKubernetesProvider(ctx context.Context, configClient *rest.Config, logger *zap.SugaredLogger) error { - - pcn := ProviderConfigName - - sa := &corev1.ServiceAccount{ - ObjectMeta: metav1.ObjectMeta{ - Name: pcn, - Namespace: namespace.Namespace, - }, - } - - saSec := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: pcn, - Namespace: namespace.Namespace, - Annotations: map[string]string{ - "kubernetes.io/service-account.name": sa.Name, - }, - }, - Type: corev1.SecretTypeServiceAccountToken, - } - - cr := &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Name: pcn, - }, - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{"*", ""}, - Verbs: []string{"*"}, - Resources: []string{"*"}, - }, - }, - } - - crb := &rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: pcn, - }, - Subjects: []rbacv1.Subject{ - { - Kind: rbacv1.ServiceAccountKind, - Name: sa.Name, - Namespace: namespace.Namespace, - }, - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: rbacv1.GroupName, - Kind: kindClusterRole, - Name: cr.Name, - }, - } - - scheme := runtime.NewScheme() - rbacv1.AddToScheme(scheme) - corev1.AddToScheme(scheme) - extv1.AddToScheme(scheme) - ctrl, _ := client.New(configClient, client.Options{Scheme: scheme}) - for _, res := range []client.Object{sa, saSec, cr, crb} { - _, err := controllerutil.CreateOrUpdate(ctx, ctrl, res, func() error { - return nil - }) - if err != nil { - return err - } - } - - svc := &corev1.Service{} - err := ctrl.Get(ctx, types.NamespacedName{Namespace: "default", Name: "kubernetes"}, svc) - if err != nil { - return err - } - - mgr, err := manager.New(configClient, manager.Options{}) - if err != nil { - return err - } - mgrContext, cancel := context.WithCancel(context.Background()) - if err = builder. 
- ControllerManagedBy(mgr). - For(&corev1.ServiceAccount{}). - WithEventFilter(predicate.Funcs{ - UpdateFunc: func(e event.UpdateEvent) bool { - return e.ObjectNew.GetName() == ProviderConfigName - }, - DeleteFunc: func(e event.DeleteEvent) bool { - return e.Object.GetName() == ProviderConfigName - }, - CreateFunc: func(e event.CreateEvent) bool { - return e.Object.GetName() == ProviderConfigName - }, - GenericFunc: func(e event.GenericEvent) bool { - return e.Object.GetName() == ProviderConfigName - }, - }, - ). - Complete(&SecretReconciler{ - Client: ctrl, - CancelFunc: cancel, - serverIP: "https://" + svc.Spec.ClusterIP + ":443", - }); err != nil { - return err - } - logger.Debug("Starting reconciliation of Kubernetes Provider") - mgr.Start(mgrContext) - return nil -} - -// Reconcile SvcAcc secret for make kubeconfig -func (a *SecretReconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { - sec := &corev1.Secret{} - err := a.Get(ctx, req.NamespacedName, sec) - if err != nil { - return reconcile.Result{}, err - } else if sec.GetName() != ProviderConfigName { - return reconcile.Result{Requeue: true}, nil - } - - if _, err = controllerutil.CreateOrUpdate(ctx, a.Client, sec, func() error { - kubeconfig, _ := yaml.Marshal(&map[string]interface{}{ - "apiVersion": "v1", - "kind": "Config", - "current-context": "in-cluster", - "clusters": []map[string]interface{}{ - { - "cluster": map[string]interface{}{ - "certificate-authority-data": b64.StdEncoding.EncodeToString(sec.Data["ca.crt"]), - "server": a.serverIP, - }, - "name": "in-cluster", - }, - }, - "contexts": []map[string]interface{}{ - { - "context": map[string]interface{}{ - "cluster": "in-cluster", - "user": "in-cluster", - "namespace": "overlock-system", - }, - "name": "in-cluster", - }, - }, - "preferences": map[string]interface{}{}, - "users": []map[string]interface{}{ - { - "name": "in-cluster", - "user": map[string]interface{}{ - "token": string(sec.Data["token"]), - }, - 
}, - }, - }) - - sec.Data["kubeconfig"] = []byte(kubeconfig) - return nil - }); err != nil { - return reconcile.Result{}, err - } - - crd := &extv1.CustomResourceDefinition{} - err = a.Get(ctx, types.NamespacedName{Name: "providerconfigs.kubernetes.crossplane.io"}, crd) - if err != nil { - return reconcile.Result{Requeue: true}, err - } - - pc := &unstructured.Unstructured{ - Object: map[string]interface{}{ - "apiVersion": "kubernetes.crossplane.io/v1alpha1", - "kind": "ProviderConfig", - "metadata": map[string]interface{}{ - "name": ProviderConfigName, - }, - }, - } - - hpc := &unstructured.Unstructured{ - Object: map[string]interface{}{ - "apiVersion": "helm.crossplane.io/v1beta1", - "kind": "ProviderConfig", - "metadata": map[string]interface{}{ - "name": helmProviderConfigName, - }, - }, - } - - envObj := &unstructured.Unstructured{ - Object: map[string]interface{}{ - "apiVersion": "overlock.io/v1alpha1", - "kind": "Environment", - "metadata": map[string]interface{}{ - "name": "environment", - }, - "spec": map[string]interface{}{ - "crossplane:": map[string]interface{}{}, - "kyverno:": map[string]interface{}{}, - "name": ReleaseName, - "namespace": namespace.Namespace, - "configuration": map[string]interface{}{ - "packages": []interface{}{}, - }, - "provider": map[string]interface{}{ - "packages": []interface{}{}, - }, - "helmProviderCfgRef": helmProviderConfigName, - "kubernetesProviderCfgRef": ProviderConfigName, - }, - }, - } - - if _, err = controllerutil.CreateOrUpdate(ctx, a.Client, pc, func() error { - pc.Object["spec"] = map[string]interface{}{ - "credentials": map[string]interface{}{ - "secretRef": map[string]interface{}{ - "key": "kubeconfig", - "name": ProviderConfigName, - "namespace": namespace.Namespace, - }, - "source": "Secret", - }, - } - return nil - }); err != nil { - return reconcile.Result{}, err - } - - if _, err = controllerutil.CreateOrUpdate(ctx, a.Client, hpc, func() error { - hpc.Object["spec"] = map[string]interface{}{ - 
"credentials": map[string]interface{}{ - "secretRef": map[string]interface{}{ - "key": "kubeconfig", - "name": ProviderConfigName, - "namespace": namespace.Namespace, - }, - "source": "Secret", - }, - } - return nil - }); err != nil { - return reconcile.Result{}, err - } - - if _, err = controllerutil.CreateOrUpdate(ctx, a.Client, envObj, func() error { return nil }); err != nil { - return reconcile.Result{}, err - } - - a.CancelFunc() - - return reconcile.Result{}, nil -} - func BuildPack(pack v1.Package, img string, pkgMap map[string]string) error { ref, err := name.ParseReference(img, name.WithDefaultRegistry("")) if err != nil { diff --git a/internal/environment/environment.go b/internal/environment/environment.go index ebf185a..41fc109 100644 --- a/internal/environment/environment.go +++ b/internal/environment/environment.go @@ -16,6 +16,7 @@ import ( "github.com/web-seven/overlock/internal/engine" "github.com/web-seven/overlock/internal/kube" "github.com/web-seven/overlock/internal/namespace" + "github.com/web-seven/overlock/internal/policy" "github.com/web-seven/overlock/internal/registry" "github.com/web-seven/overlock/internal/resources" "k8s.io/client-go/tools/clientcmd" @@ -148,11 +149,19 @@ func (e *Environment) Setup(ctx context.Context, logger *zap.SugaredLogger) erro return err } + logger.Debug("Installing policy controller") + err = policy.AddPolicyConroller(ctx, configClient, "kyverno") + if err != nil { + return err + } + logger.Debug("Done") + logger.Debug("Preparing engine") installer, err := engine.GetEngine(configClient) if err != nil { return err } + logger.Debug("Done") var params map[string]any release, err := installer.GetRelease() diff --git a/internal/environment/kind.go b/internal/environment/kind.go index 65c06b8..018dad1 100644 --- a/internal/environment/kind.go +++ b/internal/environment/kind.go 
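Review bot: The newly called exported function is spelled `policy.AddPolicyConroller` (missing the `t` of Controller), and the same typo is baked into the exported API in internal/policy/policy.go and into the private `addKyvernoPolicyConroller` in internal/policy/kyverno.go; renaming all three to `AddPolicyController` / `addKyvernoPolicyController` now, while this is the only caller, avoids carrying it forward. The literal `"kyverno"` is repeated here and in the `switch` inside the policy package, so a named constant exported from `policy` would keep the two in step. `Setup` starts and ends outside the hunk.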
@@ -102,10 +102,6 @@ func (e *Environment) configYaml(logger *zap.SugaredLogger) string {
 Kind: "Cluster",
 APIVersion: "kind.x-k8s.io/v1alpha4",
 Nodes: []KindNode{
- {
- Role: "worker",
- ExtraMounts: []KindMount{},
- },
 {
 Role: "control-plane",
 KubeadmConfigPatches: []string{
diff --git a/internal/namespace/namespace.go b/internal/namespace/namespace.go
index b60c8cb..014f7de 100644
--- a/internal/namespace/namespace.go
+++ b/internal/namespace/namespace.go
@@ -11,7 +11,7 @@ import (
 const OVERLOCK_ENGINE_NAMESPACE = "OVERLOCK_ENGINE_NAMESPACE"
-var Namespace = "kube-system"
+var Namespace = "overlock"
 // Creates system namespace
 func CreateNamespace(ctx context.Context, config *rest.Config) error {
diff --git a/internal/policy/kyverno.go b/internal/policy/kyverno.go
new file mode 100644
index 0000000..bcc3353
--- /dev/null
+++ b/internal/policy/kyverno.go
@@ -0,0 +1,166 @@
+package policy
+
+import (
+ "context"
+ "fmt"
+ "net/url"
+
+ "github.com/web-seven/overlock/internal/install/helm"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/client-go/dynamic"
+ "k8s.io/client-go/rest"
+)
+
+const (
+ kyvernoChartName = "kyverno"
+ kyvernoChartVersion = "3.2.5"
+ kyvernoReleaseName = "kyverno"
+ kyvernoRepoUrl = "https://kyverno.github.io/kyverno/"
+ kyvernoNamespace = "kyverno"
+ nodePort = "30100"
+)
+
+var (
+ chartValues = map[string]interface{}{
+ "cleanupController": map[string]interface{}{
+ "enabled": false,
+ },
+ "reportsController": map[string]interface{}{
+ "enabled": false,
+ },
+ "backgroundController": map[string]interface{}{
+ "enabled": false,
+ },
+ "features": map[string]interface{}{
+ "admissionReports": map[string]interface{}{
+ "enabled": "false",
+ },
+ "aggregateReports": map[string]interface{}{
+ "enabled": "false",
+ },
+ "policyReports": map[string]interface{}{
+ "enabled": "false",
+ },
+ },
+ }
+)
+
+func addKyvernoPolicyConroller(ctx context.Context, config *rest.Config) error {
+ repoURL, err := url.Parse(kyvernoRepoUrl)
+ if err != nil {
+ return err
+ }
+
+ manager, err := helm.NewManager(config, kyvernoChartName, repoURL, kyvernoReleaseName,
+ helm.InstallerModifierFn(helm.WithNamespace(kyvernoNamespace)),
+ helm.InstallerModifierFn(helm.WithUpgradeInstall(true)),
+ helm.InstallerModifierFn(helm.WithCreateNamespace(true)),
+ )
+ if err != nil {
+ return err
+ }
+
+ err = manager.Upgrade(kyvernoChartVersion, chartValues)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// Add default policies (currently empty)
+func addKyvernoDefaultPolicies(ctx context.Context, config *rest.Config) error {
+ return nil
+}
+
+// Add registry policies to sync and apply image pull secrets
+func addKyvernoRegistryPolicies(ctx context.Context, config *rest.Config, registry *RegistryPolicy) error {
+
+ regplc := &unstructured.Unstructured{
+ Object: map[string]interface{}{
+ "apiVersion": "kyverno.io/v1",
+ "kind": "ClusterPolicy",
+ "metadata": map[string]interface{}{
+ "name": "overlock-local-reg-" + registry.Name,
+ },
+ "spec": map[string]interface{}{
+ "generateExisting": true,
+ "rules": []interface{}{
+ map[string]interface{}{
+ "name": "overlock-local-reg-" + registry.Name,
+ "match": map[string]interface{}{
+ "any": []interface{}{
+ map[string]interface{}{
+ "resources": map[string]interface{}{
+ "kinds": []interface{}{
+ "Pod",
+ },
+ },
+ },
+ },
+ },
+ "skipBackgroundRequests": false,
+ "mutate": map[string]interface{}{
+ "foreach": []interface{}{
+ map[string]interface{}{
+ "list": "request.object.spec.containers",
+ "patchStrategicMerge": map[string]interface{}{
+ "spec": map[string]interface{}{
+ "containers": []interface{}{
+ map[string]interface{}{
+ "(image)": fmt.Sprintf("*%s*", registry.Name),
+ "image": fmt.Sprintf("{{ regex_replace_all_literal('^[^/]+', '{{element.image}}', 'localhost:%s' )}}", nodePort),
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+
+ dynamicClient, err := dynamic.NewForConfig(config)
+ if err != nil {
+ return err
+ }
+
+ gvr := schema.GroupVersionResource{
+ Group: "kyverno.io",
+ Version: "v1",
+ Resource: "clusterpolicies",
+ }
+
+ deleteKyvernoRegistryPolicies(ctx, config, registry)
+
+ _, err = dynamicClient.Resource(gvr).Create(ctx, regplc, metav1.CreateOptions{})
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// Delete policies of removed registry
+func deleteKyvernoRegistryPolicies(ctx context.Context, config *rest.Config, registry *RegistryPolicy) error {
+ dynamicClient, err := dynamic.NewForConfig(config)
+ if err != nil {
+ return err
+ }
+
+ gvr := schema.GroupVersionResource{
+ Group: "kyverno.io",
+ Version: "v1",
+ Resource: "clusterpolicies",
+ }
+ scplcName := "overlock-local-reg-" + registry.Name
+ err = dynamicClient.Resource(gvr).Delete(ctx, scplcName, metav1.DeleteOptions{})
+ if err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/internal/policy/policy.go b/internal/policy/policy.go
new file mode 100644
index 0000000..6d34ac8
--- /dev/null
+++ b/internal/policy/policy.go
@@ -0,0 +1,35 @@
+package policy
+
+import (
+ "context"
+
+ "k8s.io/client-go/rest"
+)
+
+type RegistryPolicy struct {
+ Name string
+ Urls []string
+}
+
+// Add policy controller
+func AddPolicyConroller(ctx context.Context, config *rest.Config, plcType string) error {
+ switch plcType {
+ case "kyverno":
+ err := addKyvernoPolicyConroller(ctx, config)
+ if err != nil {
+ return err
+ }
+ return addKyvernoDefaultPolicies(ctx, config)
+ }
+ return nil
+}
+
+// Add registry related policies
+func AddRegistryPolicy(ctx context.Context, config *rest.Config, registry *RegistryPolicy) error {
+ return addKyvernoRegistryPolicies(ctx, config, registry)
+}
+
+// Delete registry related policies
+func DeleteRegistryPolicy(ctx context.Context, config *rest.Config, registry *RegistryPolicy) error {
+ return deleteKyvernoRegistryPolicies(ctx, config, registry)
+}
diff --git a/internal/provider/load.go b/internal/provider/load.go
index b2d1bda..ad97f8a 100644
--- a/internal/provider/load.go
+++ b/internal/provider/load.go
@@ -23,11 +23,11 @@ func (p *Provider) LoadProvider(ctx context.Context, path string, config *rest.C
 isLocal, err := registry.IsLocalRegistry(ctx, client)
 if !isLocal || err != nil {
- logger.Warn("Local registry not found try to install.")
 if err != nil {
 logger.Debug(err)
 }
 reg := registry.NewLocal()
+ reg.SetDefault(true)
 err := reg.Create(ctx, config, logger)
 if err != nil {
 return err
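Review bot: The mutate rule built in `addKyvernoRegistryPolicies` selects any container whose image contains `registry.Name` as an unanchored substring (`"(image)": fmt.Sprintf("*%s*", registry.Name)`) and then rewrites the whole first path segment of that image to `localhost:30100`, so this cluster-wide ClusterPolicy, which matches every Pod in every namespace, will also redirect unrelated images whose reference merely happens to contain the registry's name; anchoring the selector to the registry host, `"(image)": registry.Name + "/*"`, and narrowing the match (for example excluding the `kube-system` and `kyverno` namespaces) keeps the rewrite to the images it is meant for. The result of `deleteKyvernoRegistryPolicies(ctx, config, registry)` is discarded, which hides every failure except the expected NotFound on first install; `if err := deleteKyvernoRegistryPolicies(ctx, config, registry); err != nil && !apierrors.IsNotFound(err) { return err }` with `apierrors "k8s.io/apimachinery/pkg/api/errors"` preserves the best-effort cleanup without swallowing real errors. `registry.Urls` is never read in this file, and `generateExisting` governs generate rules, so if already-running Pods are meant to be patched it is worth confirming against the Kyverno documentation whether the mutate-existing settings are required instead; the function comment also promises image pull secret syncing that the rule does not do.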
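Review bot: `AddPolicyConroller` falls out of the `switch` and returns nil when `plcType` matches no case, so an unsupported or misspelled controller type is reported as success and the caller in environment.go logs "Done" with nothing installed; add `default: return fmt.Errorf("unsupported policy controller type %q", plcType)` (importing `fmt`). `RegistryPolicy.Urls` is declared but none of the functions in this package read it, so either drop the field or document that only `Name` is consumed today. The exported type and functions would benefit from doc comments in the `// Name verb ...` form that go doc and linters recognise, e.g. `// AddRegistryPolicy creates the admission policies that redirect images from registry to the in-cluster registry.`.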
@@ -50,13 +50,13 @@ func (p *Provider) LoadProvider(ctx context.Context, path string, config *rest.C
 }
 logger.Debug("Pushing to local registry")
 err = registry.PushLocalRegistry(ctx, p.Name, p.Image, config, logger)
- if p.Apply {
- logger.Debug("Apply provider")
- return p.ApplyProvider(ctx, []string{p.Name}, config, logger)
- }
 if err != nil {
 return err
 }
 logger.Infof("Image archive %s loaded to local registry.", p.Name)
- return err
+ if p.Apply {
+ logger.Debug("Apply provider")
+ return p.ApplyProvider(ctx, []string{p.Name}, config, logger)
+ }
+ return nil
 }
diff --git a/internal/registry/local.go b/internal/registry/local.go
index b737c59..54af2b2 100644
--- a/internal/registry/local.go
+++ b/internal/registry/local.go
@@ -3,26 +3,34 @@ package registry
 import (
 "bytes"
 "context"
+ "errors"
 "fmt"
 "net"
 "net/http"
 "net/url"
 "strings"
+ "time"
 "github.com/google/go-containerregistry/pkg/name"
 regv1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/google/go-containerregistry/pkg/v1/remote"
 "github.com/web-seven/overlock/internal/kube"
 "github.com/web-seven/overlock/internal/namespace"
+ "github.com/web-seven/overlock/internal/policy"
 "go.uber.org/zap"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/util/intstr"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
 "k8s.io/client-go/tools/portforward"
 "k8s.io/client-go/transport/spdy"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ ctrl "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/client/config"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 const (
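Review bot: `sigs.k8s.io/controller-runtime/pkg/client` is imported twice in this hunk, once unaliased as `client` and once as `ctrl`; the bare `client` name is additionally shadowed by the `client *kubernetes.Clientset` parameter of `CreateLocal`, so inside that method the package is only reachable as `ctrl` while the embedded `client.Client` field of the new `RegistryReconciler` type is the only thing keeping the unaliased import alive. Keep a single import, `ctrl "sigs.k8s.io/controller-runtime/pkg/client"`, and write the field as `ctrl.Client`. Since `ctrl` is also the conventional alias for the `sigs.k8s.io/controller-runtime` root package, a name like `crclient` would be less surprising to readers, but any single alias removes the duplicate.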
@@ -39,11 +47,21 @@ var (
 }
 )
+type RegistryReconciler struct {
+ client.Client
+ context.CancelFunc
+}
+
 // Create in cluster registry
-func (r *Registry) CreateLocal(ctx context.Context, client *kubernetes.Clientset) error {
+func (r *Registry) CreateLocal(ctx context.Context, client *kubernetes.Clientset, logger *zap.SugaredLogger) error {
+ configClient, err := config.GetConfigWithContext(r.Context)
+ if err != nil {
+ return err
+ }
 deploy := &appsv1.Deployment{
 ObjectMeta: v1.ObjectMeta{
- Name: deployName,
+ Name: deployName,
+ Namespace: namespace.Namespace,
 },
 Spec: appsv1.DeploymentSpec{
 Selector: &v1.LabelSelector{
@@ -71,25 +89,11 @@ func (r *Registry) CreateLocal(ctx context.Context, client *kubernetes.Clientset
 },
 },
 }
- deployments := client.AppsV1().Deployments(namespace.Namespace)
-
- _, err := deployments.Get(ctx, deploy.GetName(), v1.GetOptions{})
-
- if err == nil {
- _, err := deployments.Update(ctx, deploy, v1.UpdateOptions{})
- if err != nil {
- return err
- }
- } else {
- _, err := deployments.Create(ctx, deploy, v1.CreateOptions{})
- if err != nil {
- return err
- }
- }
 svc := &corev1.Service{
 ObjectMeta: v1.ObjectMeta{
- Name: svcName,
+ Name: svcName,
+ Namespace: namespace.Namespace,
 },
 Spec: corev1.ServiceSpec{
 Type: "NodePort",
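Review bot: `CreateLocal` now resolves a second set of cluster credentials with `config.GetConfigWithContext(r.Context)` (a kubeconfig looked up from the process environment) even though its caller `Create` in registry.go already holds a `*rest.Config` and hands in a clientset built from it; if the two resolve to different clusters or users, the Deployment, Service and Kyverno policy are created through one identity while readiness is polled through the other. Passing the caller's config through, `CreateLocal(ctx context.Context, config *rest.Config, client *kubernetes.Clientset, logger *zap.SugaredLogger)`, keeps a single source of truth. The new `RegistryReconciler` type embeds `client.Client` and `context.CancelFunc` but nothing in the visible hunks uses it; a `// TODO` naming the planned use, or removing it until that change lands, would avoid a dead exported type. `CreateLocal` continues past the end of the hunk.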
@@ -106,20 +110,52 @@ func (r *Registry) CreateLocal(ctx context.Context, client *kubernetes.Clientset }, } - svcs := client.CoreV1().Services(namespace.Namespace) - _, err = svcs.Get(ctx, svc.GetName(), v1.GetOptions{}) - if err == nil { - _, err := svcs.Update(ctx, svc, v1.UpdateOptions{}) + scheme := runtime.NewScheme() + corev1.AddToScheme(scheme) + appsv1.AddToScheme(scheme) + ctrlClient, _ := ctrl.New(configClient, ctrl.Options{Scheme: scheme}) + for _, res := range []ctrl.Object{deploy, svc} { + _, err := controllerutil.CreateOrUpdate(ctx, ctrlClient, res, func() error { + return nil + }) if err != nil { return err } - } else { - _, err := svcs.Create(ctx, svc, v1.CreateOptions{}) - if err != nil { - return err + } + + timeout := time.After(30 * time.Second) + ticker := time.NewTicker(1 * time.Second) + deployIsReady := false + for !deployIsReady { + select { + case <-timeout: + return errors.New("local registry to not comes ready") + case <-ticker.C: + deploy, err = client.AppsV1(). + Deployments(namespace.Namespace). + Get(ctx, deploy.GetName(), v1.GetOptions{}) + if err != nil { + return err + } + deployIsReady = deploy.Status.ReadyReplicas > 0 + } } + logger.Debug("Installing policies") + serverUrls := []string{} + for _, auth := range r.Config.Auths { + serverUrls = append( + serverUrls, + strings.Replace(auth.Server, "https://", "", -1), + ) + } + err = policy.AddRegistryPolicy(ctx, configClient, &policy.RegistryPolicy{Name: r.Name, Urls: serverUrls}) + if err != nil { + return err + } + logger.Debug("Done") + return nil } diff --git a/internal/registry/registry.go b/internal/registry/registry.go index ef79e84..415ed2b 100644 --- a/internal/registry/registry.go +++ b/internal/registry/registry.go 
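Review bot: The readiness loop in `CreateLocal` creates `ticker` with `time.NewTicker` and never stops it, and the `select` does not observe `ctx`, so cancelling the caller neither ends the 30-second wait nor releases the ticker; add `defer ticker.Stop()` after the `NewTicker` line and a `case <-ctx.Done(): return ctx.Err()` arm. `ctrlClient, _ := ctrl.New(configClient, ctrl.Options{Scheme: scheme})` discards the constructor error and the two `AddToScheme` results are ignored as well, so a failure there surfaces later as a nil-client or unknown-kind error from `CreateOrUpdate` instead of at its origin. The timeout message `"local registry to not comes ready"` reads oddly; `"local registry did not become ready within 30s"` says the same thing. `serverUrls` is assembled here and passed as `Urls`, but the policy rule that receives it keys only on `Name`, so it is worth confirming the intended consumer before callers depend on that field.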
@@ -146,16 +146,16 @@ func (r *Registry) Create(ctx context.Context, config *rest.Config, logger *zap.
 }
 release, _ := installer.GetRelease()
+ r.Name = r.Domain()
+
 if r.Local {
 logger.Debug("Create Local Registry")
- err := r.CreateLocal(ctx, client)
+ err := r.CreateLocal(ctx, client, logger)
 if err != nil {
 return err
 }
 } else {
 logger.Debug("Create Registry")
-
- r.Name = r.Domain()
 serverUrls := []string{}
 for _, auth := range r.Config.Auths {
 serverUrls = append(