1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package dockerregistry
6

7
import (
8
	"encoding/base64"
9
	"encoding/json"
10
	"fmt"
11

12
	"github.com/gitpod-io/gitpod/installer/pkg/common"
13
	corev1 "k8s.io/api/core/v1"
14
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
15
	"k8s.io/apimachinery/pkg/runtime"
16
	"k8s.io/kubectl/pkg/cmd/create"
17
	"k8s.io/utils/pointer"
18
)
19

20
func secret(ctx *common.RenderContext) ([]runtime.Object, error) {
21
	if !pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) {
22
		return nil, nil
23
	}
24

25
	user := ctx.Values.InternalRegistryUsername
26
	if user == "" {
27
		return nil, fmt.Errorf("unknown value: internal registry username")
28
	}
29

30
	password := ctx.Values.InternalRegistryPassword
31
	if password == "" {
32
		return nil, fmt.Errorf("unknown value: internal registry password")
33
	}
34

35
	// todo(sje): handle if bypassing registry with proxy
36
	registryHost := "registry." + ctx.Config.Domain
37

38
	config, err := json.Marshal(create.DockerConfigJSON{
39
		Auths: map[string]create.DockerConfigEntry{
40
			registryHost: {
41
				Auth: base64.StdEncoding.EncodeToString([]byte(user + ":" + password)),
42
			},
43
		},
44
	})
45
	if err != nil {
46
		return nil, err
47
	}
48

49
	return []runtime.Object{&corev1.Secret{
50
		TypeMeta: common.TypeMetaSecret,
51
		ObjectMeta: metav1.ObjectMeta{
52
			Name:      BuiltInRegistryAuth,
53
			Namespace: ctx.Namespace,
54
			Labels:    common.DefaultLabels(Component),
55
		},
56
		Type: corev1.SecretTypeDockerConfigJson,
57
		Data: map[string][]byte{
58
			".dockerconfigjson": config,
59
			"user":              []byte(user),
60
			"password":          []byte(password),
61
		},
62
	}}, nil
63
}
64

65