2022-04-12 14:07:17 +00:00
|
|
|
package resources
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/edgelesssys/constellation/internal/secrets"
|
|
|
|
k8s "k8s.io/api/core/v1"
|
|
|
|
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
|
|
)
|
|
|
|
|
|
|
|
// NewImagePullSecret creates a new k8s.Secret from the config for authenticating when pulling images.
|
2022-08-04 16:15:52 +02:00
|
|
|
func NewImagePullSecret(namespace string) k8s.Secret {
|
2022-04-12 14:07:17 +00:00
|
|
|
base64EncodedSecret := base64.StdEncoding.EncodeToString(
|
|
|
|
[]byte(fmt.Sprintf("%s:%s", secrets.PullSecretUser, secrets.PullSecretToken)),
|
|
|
|
)
|
|
|
|
|
2022-07-08 10:59:59 +02:00
|
|
|
pullSecretDockerCfgJSON := fmt.Sprintf(`{"auths":{"ghcr.io":{"auth":"%s"}}}`, base64EncodedSecret)
|
2022-04-12 14:07:17 +00:00
|
|
|
|
|
|
|
return k8s.Secret{
|
|
|
|
TypeMeta: meta.TypeMeta{
|
|
|
|
APIVersion: "v1",
|
|
|
|
Kind: "Secret",
|
|
|
|
},
|
|
|
|
ObjectMeta: meta.ObjectMeta{
|
|
|
|
Name: secrets.PullSecretName,
|
2022-08-04 16:15:52 +02:00
|
|
|
Namespace: namespace,
|
2022-04-12 14:07:17 +00:00
|
|
|
},
|
2022-07-08 10:59:59 +02:00
|
|
|
StringData: map[string]string{".dockerconfigjson": pullSecretDockerCfgJSON},
|
2022-04-12 14:07:17 +00:00
|
|
|
Type: "kubernetes.io/dockerconfigjson",
|
|
|
|
}
|
|
|
|
}
|