(fix) Create addon to configure registry helper

- Service Account and binding to run the job - Registry aliases ConfigMap - Registry aliases daemonset to update the node etc/hosts fixes: 4604 Signed-off-by: Kamesh Sampath <ksampath@redhat.com>
kubernetes · Feb 16, 2020 · 0042e5f · 0042e5f
1 parent 1d3cef6
commit 0042e5f
Show file tree

Hide file tree

Showing 7 changed files with 151 additions and 0 deletions.
diff --git a/deploy/addons/registry-aliases/node-etc-hosts-update.tmpl b/deploy/addons/registry-aliases/node-etc-hosts-update.tmpl
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: registry-aliases-hosts-update
+  namespace: kube-system
+  labels:
+    kubernetes.io/minikube-addons: registry-aliases
+    addonmanager.kubernetes.io/mode: Reconcile
+spec:
+  selector:
+    matchLabels:
+      app: registry-aliases-hosts-update
+  template:
+    metadata:
+      labels:
+        app: registry-aliases-hosts-update
+    spec:
+      initContainers:
+        - name: update
+          image: registry.fedoraproject.org/fedora
+          volumeMounts:
+            - name: etchosts
+              mountPath: /host-etc/hosts
+              readOnly: false
+          env:
+            - name: REGISTRY_ALIASES
+              valueFrom:
+                configMapKeyRef:
+                  name: registry-aliases
+                  key: registryAliases
+          command:
+            - bash
+            - -ce
+            - |
+              NL=$'\n'
+              TAB=$'\t'
+              HOSTS="$(cat /host-etc/hosts)"
+              [ -z "$REGISTRY_SERVICE_HOST" ] && echo "Failed to get hosts entry for default registry" && exit 1;
+              for H in $REGISTRY_ALIASES; do                
+                echo "$HOSTS" | grep "$H"  || HOSTS="$HOSTS$NL$REGISTRY_SERVICE_HOST$TAB$H";
+              done;
+              echo "$HOSTS" | diff -u /host-etc/hosts - || echo "$HOSTS" > /host-etc/hosts
+              echo "Done."
+      containers:
+        - name: pause-for-update
+          image: gcr.io/google_containers/pause-amd64:3.1
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: etchosts
+          hostPath:
+            path: /etc/hosts
diff --git a/deploy/addons/registry-aliases/patch-coredns-job.tmpl b/deploy/addons/registry-aliases/patch-coredns-job.tmpl
@@ -0,0 +1,26 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: registry-aliases-patch-core-dns
+  namespace: kube-system
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      serviceAccountName: registry-aliases-sa
+      volumes:
+       - name: minikube
+         hostPath: 
+           path: /var/lib/minikube/binaries
+      containers:
+       - name: core-dns-patcher
+         image:  quay.io/rhdevelopers/core-dns-patcher
+         imagePullPolicy: IfNotPresent
+         # using the kubectl from the minikube instance
+         volumeMounts:
+           - mountPath: /var/lib/minikube/binaries
+             name: minikube
+             readOnly: true
+      restartPolicy: Never
+  backoffLimit: 4
diff --git a/deploy/addons/registry-aliases/registry-aliases-config.tmpl b/deploy/addons/registry-aliases/registry-aliases-config.tmpl
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: registry-aliases
+  namespace: kube-system
+  labels:
+    kubernetes.io/minikube-addons: registry-aliases
+    addonmanager.kubernetes.io/mode: Reconcile
+data:
+  # Add additonal hosts seperated by new-line
+  registryAliases: >-
+    example.org
+    example.com
+    test.com
+    test.org
+  # default registry address in minikube when enabled via minikube addons enable registry
+  registrySvc: registry.kube-system.svc.cluster.local
+
diff --git a/deploy/addons/registry-aliases/registry-aliases-sa-crb.tmpl b/deploy/addons/registry-aliases/registry-aliases-sa-crb.tmpl
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: registry-aliases-crb
+subjects:
+- kind: ServiceAccount
+  name: registry-aliases-sa
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/addons/registry-aliases/registry-aliases-sa.tmpl b/deploy/addons/registry-aliases/registry-aliases-sa.tmpl
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+   name: registry-aliases-sa
+   namespace: kube-system
diff --git a/pkg/addons/config.go b/pkg/addons/config.go
@@ -112,6 +112,13 @@ var Addons = []*Addon{
 		set:       SetBool,
 		callbacks: []setFn{enableOrDisableAddon},
 	},
+	{
+		name:      "registry-aliases",
+		set:       SetBool,
+		callbacks: []setFn{enableOrDisableAddon},
+		//TODO - add other settings
+		//TODO check if registry addon is enabled
+	},
 	{
 		name:      "storage-provisioner",
 		set:       SetBool,

diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go
@@ -246,6 +246,38 @@ var Addons = map[string]*Addon{
 			"0640",
 			false),
 	}, false, "registry-creds"),
+	"registry-aliases": NewAddon([]*BinAsset{
+		MustBinAsset(
+			"deploy/addons/registry-aliases/registry-aliases-sa.tmpl",
+			vmpath.GuestAddonsDir,
+			"registry-aliases-sa.yaml",
+			"0640",
+			false),
+		MustBinAsset(
+			"deploy/addons/registry-aliases/registry-aliases-sa-crb.tmpl",
+			vmpath.GuestAddonsDir,
+			"registry-aliases-sa-crb.yaml",
+			"0640",
+			false),
+		MustBinAsset(
+			"deploy/addons/registry-aliases/registry-aliases-config.tmpl",
+			vmpath.GuestAddonsDir,
+			"registry-aliases-config.yaml",
+			"0640",
+			false),
+		MustBinAsset(
+			"deploy/addons/registry-aliases/node-etc-hosts-update.tmpl",
+			vmpath.GuestAddonsDir,
+			"node-etc-hosts-update.yaml",
+			"0640",
+			false),
+		MustBinAsset(
+			"deploy/addons/registry-aliases/patch-coredns-job.tmpl",
+			vmpath.GuestAddonsDir,
+			"patch-coredns-job.yaml",
+			"0640",
+			false),
+	}, false, "registry-aliases"),
 	"freshpod": NewAddon([]*BinAsset{
 		MustBinAsset(
 			"deploy/addons/freshpod/freshpod-rc.yaml.tmpl",