add support for credential provider plugin

Signed-off-by: Kuromesi <[email protected]>
openkruise · May 15, 2024 · 2690c5d · 2690c5d
1 parent 13fe9ca
commit 2690c5d
Show file tree

Hide file tree

Showing 53 changed files with 7,346 additions and 4 deletions.
diff --git a/cmd/daemon/main.go b/cmd/daemon/main.go
@@ -17,6 +17,8 @@ limitations under the License.
 package main
 
 import (
+	"k8s.io/kubernetes/pkg/credentialprovider/plugin"
+
 	"flag"
 	"math/rand"
 	"net/http"
@@ -37,9 +39,11 @@ import (
 )
 
 var (
-	bindAddr    = flag.String("addr", ":10221", "The address the metric endpoint and healthz binds to.")
-	pprofAddr   = flag.String("pprof-addr", ":10222", "The address the pprof binds to.")
-	enablePprof = flag.Bool("enable-pprof", true, "Enable pprof for daemon.")
+	bindAddr         = flag.String("addr", ":10221", "The address the metric endpoint and healthz binds to.")
+	pprofAddr        = flag.String("pprof-addr", ":10222", "The address the pprof binds to.")
+	enablePprof      = flag.Bool("enable-pprof", true, "Enable pprof for daemon.")
+	pluginConfigFile string
+	pluginBinDir     string
 )
 
 func main() {
@@ -68,6 +72,14 @@ func main() {
 	if err != nil {
 		klog.Fatalf("Failed to new daemon: %v", err)
 	}
+
+	flag.StringVar(&pluginConfigFile, "pluginConfigFile", "/kruise/CredentialProviderPlugin.yaml", "The path of plugin config file.")
+	flag.StringVar(&pluginBinDir, "pluginBinDir", "/kruise/plugins", "The path of directory of plugin binaries.")
+	err = plugin.RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir)
+	if err != nil {
+		klog.Fatalf("Failed to register credential provider plugins: %v", err)
+	}
+
 	if err := d.Run(ctx); err != nil {
 		klog.Fatalf("Failed to start daemon: %v", err)
 	}

diff --git a/pkg/util/secret/parse.go b/pkg/util/secret/parse.go
@@ -6,6 +6,7 @@ import (
 
 	daemonutil "github.com/openkruise/kruise/pkg/daemon/util"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/klog/v2"
 	"k8s.io/kubernetes/pkg/credentialprovider"
 	credentialprovidersecrets "k8s.io/kubernetes/pkg/credentialprovider/secrets"
 )
@@ -22,10 +23,14 @@ func AuthInfos(ctx context.Context, imageName, tag string, pullSecrets []corev1.
 }
 
 var (
-	keyring = credentialprovider.NewDockerKeyring()
+	keyring credentialprovider.DockerKeyring
 )
 
 func ConvertToRegistryAuths(pullSecrets []corev1.Secret, repo string) (infos []daemonutil.AuthInfo, err error) {
+	if keyring == nil {
+		klog.Infof("init docker keyring")
+		keyring = credentialprovider.NewDockerKeyring()
+	}
 	keyring, err := credentialprovidersecrets.MakeDockerKeyring(pullSecrets, keyring)
 	if err != nil {
 		return nil, err

diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go