diff --git a/pkg/webhook/image_swapper.go b/pkg/webhook/image_swapper.go
index 2788ac49..543c61f6 100644
--- a/pkg/webhook/image_swapper.go
+++ b/pkg/webhook/image_swapper.go
@@ -204,46 +204,48 @@ func (p *ImageSwapper) Mutate(ctx context.Context, ar *kwhmodel.AdmissionReview,
 targetImage := p.targetName(srcRef)
- copyFn := func() {
- // Avoid unnecessary copying by ending early. For images such as :latest we adhere to the
- // image pull policy.
- if p.registryClient.ImageExists(targetImage) && container.ImagePullPolicy != corev1.PullAlways {
- return
- }
-
- // Create repository
- createRepoName := reference.TrimNamed(srcRef.DockerReference()).String()
- log.Ctx(lctx).Debug().Str("repository", createRepoName).Msg("create repository")
- if err := p.registryClient.CreateRepository(createRepoName); err != nil {
- log.Err(err)
- }
-
- // Retrieve secrets and auth credentials
- imagePullSecrets, err := p.imagePullSecretProvider.GetImagePullSecrets(pod)
- if err != nil {
- log.Err(err)
- }
-
- authFile, err := imagePullSecrets.AuthFile()
- if authFile != nil {
- defer func() {
- if err := os.RemoveAll(authFile.Name()); err != nil {
- log.Err(err)
- }
- }()
- }
-
- if err != nil {
- log.Err(err)
- }
-
- // Copy image
- // TODO: refactor to use structure instead of passing file name / string
- // or transform registryClient creds into auth compatible form, e.g.
- // {"auths":{"aws_account_id.dkr.ecr.region.amazonaws.com":{"username":"AWS","password":"..." }}}
- log.Ctx(lctx).Trace().Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copy image")
- if err := copyImage(srcRef.DockerReference().String(), authFile.Name(), targetImage, p.registryClient.Credentials()); err != nil {
- log.Ctx(lctx).Err(err).Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copying image to target registry failed")
+ var copyFn func()
+
+ // Avoid unnecessary copying by ending early. For images such as :latest we adhere to the
+ // image pull policy.
+ if p.registryClient.ImageExists(targetImage) && container.ImagePullPolicy != corev1.PullAlways {
+ copyFn = func() {}
+ } else {
+ copyFn = func() {
+ // Create repository
+ createRepoName := reference.TrimNamed(srcRef.DockerReference()).String()
+ log.Ctx(lctx).Debug().Str("repository", createRepoName).Msg("create repository")
+ if err := p.registryClient.CreateRepository(createRepoName); err != nil {
+ log.Err(err)
+ }
+
+ // Retrieve secrets and auth credentials
+ imagePullSecrets, err := p.imagePullSecretProvider.GetImagePullSecrets(pod)
+ if err != nil {
+ log.Err(err)
+ }
+
+ authFile, err := imagePullSecrets.AuthFile()
+ if authFile != nil {
+ defer func() {
+ if err := os.RemoveAll(authFile.Name()); err != nil {
+ log.Err(err)
+ }
+ }()
+ }
+
+ if err != nil {
+ log.Err(err)
+ }
+
+ // Copy image
+ // TODO: refactor to use structure instead of passing file name / string
+ // or transform registryClient creds into auth compatible form, e.g.
+ // {"auths":{"aws_account_id.dkr.ecr.region.amazonaws.com":{"username":"AWS","password":"..." }}}
+ log.Ctx(lctx).Trace().Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copy image")
+ if err := copyImage(srcRef.DockerReference().String(), authFile.Name(), targetImage, p.registryClient.Credentials()); err != nil {
+ log.Ctx(lctx).Err(err).Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copying image to target registry failed")
+ }
 }
 }
diff --git a/upd.sh b/upd.sh
new file mode 100755
index 00000000..cb038177
--- /dev/null
+++ b/upd.sh
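Review bot: The moved closure body still passes `authFile.Name()` to `copyImage` even when `imagePullSecrets.AuthFile()` has failed, so a nil `authFile` (the case the `if authFile != nil` guard just above anticipates) would panic inside the copy function instead of failing cleanly. The bare `log.Err(err)` statements also appear to do nothing: if `log` is zerolog's global logger, as the `log.Ctx(lctx)…Msg(…)` calls suggest, an event is only written once `.Msg` or `.Send` is called, so failures to create the repository, read the pull secrets or write the credential file are dropped silently. I would emit those events and return before the copy when no auth file exists, as sketched below. Whether `imagePullSecrets` can be nil when `GetImagePullSecrets` fails is not visible here and is worth checking; `Mutate` begins and continues outside this hunk.

```go
copyFn = func() {
	// … unchanged: createRepoName and its debug log …
	if err := p.registryClient.CreateRepository(createRepoName); err != nil {
		log.Ctx(lctx).Err(err).Str("repository", createRepoName).Msg("creating repository failed")
	}

	imagePullSecrets, err := p.imagePullSecretProvider.GetImagePullSecrets(pod)
	if err != nil {
		log.Ctx(lctx).Err(err).Msg("retrieving image pull secrets failed")
	}

	authFile, err := imagePullSecrets.AuthFile()
	// … unchanged: deferred removal of authFile when it is non-nil …
	if err != nil || authFile == nil {
		log.Ctx(lctx).Err(err).Msg("writing registry auth file failed")
		return
	}

	// … unchanged: trace log and copyImage call …
```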
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# set -e
+
+tag=$1
+
+rm -f k8s-image-swapper
+GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build
+
+docker build -t k8s-image-swapper:"$tag" .
+
+
+push_thing () {
+ local tag=$1
+ local account=$2
+ local region=$3
+ docker tag k8s-image-swapper:"$tag" "$account".dkr.ecr."$region".amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"
+ AWS_PROFILE=stageeng docker push "${account}".dkr.ecr."$region".amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"
+}
+
+# for r in us-west-2 ap-southeast-2 us-east-1 eu-west-1; do
+# for a in "520455238173" "035088524874"; do
+# for r in us-west-2 ap-southeast-2 us-east-1 eu-west-1; do
+# push_thing "$1" "${a}" "${r}" &
+# done
+# done
+
+push_thing "$1" "520455238173" "us-west-2"
+# push_thing "$1" "035088524874" "us-wnest-2"
+
+kubectl --context dev-us-west-2 -n kube-system set image deploy/k8s-image-swapper k8s-image-swapper=520455238173.dkr.ecr.us-west-2.amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"
+# kubectl --context stage-us-west-2 -n kube-system set image deploy/k8s-image-swapper k8s-image-swapper=035088524874.dkr.ecr.us-west-2.amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"
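Review bot: With `set -e` commented out at the top, a failed `go build`, `docker build` or `docker push` does not stop the script, so the final `kubectl … set image` can still point the dev deployment at a tag that was never built or pushed. `tag=$1` is also unchecked, so running the script without an argument yields an empty tag in every image reference. I would enable `set -euo pipefail` and use `tag=${1:?usage: upd.sh TAG}`. The hard-coded account IDs, AWS profile and kube contexts look specific to one environment, so this helper may not belong in the same commit as the webhook change.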