estahn · BEvgeniyS · Jan 30, 2023
diff --git a/pkg/webhook/image_swapper.go b/pkg/webhook/image_swapper.go
@@ -204,46 +204,48 @@ func (p *ImageSwapper) Mutate(ctx context.Context, ar *kwhmodel.AdmissionReview,
 
 			targetImage := p.targetName(srcRef)
 
-			copyFn := func() {
-				// Avoid unnecessary copying by ending early. For images such as :latest we adhere to the
-				// image pull policy.
-				if p.registryClient.ImageExists(targetImage) && container.ImagePullPolicy != corev1.PullAlways {
-					return
-				}
-
-				// Create repository
-				createRepoName := reference.TrimNamed(srcRef.DockerReference()).String()
-				log.Ctx(lctx).Debug().Str("repository", createRepoName).Msg("create repository")
-				if err := p.registryClient.CreateRepository(createRepoName); err != nil {
-					log.Err(err)
-				}
-
-				// Retrieve secrets and auth credentials
-				imagePullSecrets, err := p.imagePullSecretProvider.GetImagePullSecrets(pod)
-				if err != nil {
-					log.Err(err)
-				}
-
-				authFile, err := imagePullSecrets.AuthFile()
-				if authFile != nil {
-					defer func() {
-						if err := os.RemoveAll(authFile.Name()); err != nil {
-							log.Err(err)
-						}
-					}()
-				}
-
-				if err != nil {
-					log.Err(err)
-				}
-
-				// Copy image
-				// TODO: refactor to use structure instead of passing file name / string
-				//       or transform registryClient creds into auth compatible form, e.g.
-				//       {"auths":{"aws_account_id.dkr.ecr.region.amazonaws.com":{"username":"AWS","password":"..."	}}}
-				log.Ctx(lctx).Trace().Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copy image")
-				if err := copyImage(srcRef.DockerReference().String(), authFile.Name(), targetImage, p.registryClient.Credentials()); err != nil {
-					log.Ctx(lctx).Err(err).Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copying image to target registry failed")
+			var copyFn func()
+
+			// Avoid unnecessary copying by ending early. For images such as :latest we adhere to the
+			// image pull policy.
+			if p.registryClient.ImageExists(targetImage) && container.ImagePullPolicy != corev1.PullAlways {
+				copyFn = func() {}
+			} else {
+				copyFn = func() {
+					// Create repository
+					createRepoName := reference.TrimNamed(srcRef.DockerReference()).String()
+					log.Ctx(lctx).Debug().Str("repository", createRepoName).Msg("create repository")
+					if err := p.registryClient.CreateRepository(createRepoName); err != nil {
+						log.Err(err)
+					}
+
+					// Retrieve secrets and auth credentials
+					imagePullSecrets, err := p.imagePullSecretProvider.GetImagePullSecrets(pod)
+					if err != nil {
+						log.Err(err)
+					}
+
+					authFile, err := imagePullSecrets.AuthFile()
+					if authFile != nil {
+						defer func() {
+							if err := os.RemoveAll(authFile.Name()); err != nil {
+								log.Err(err)
+							}
+						}()
+					}
+
+					if err != nil {
+						log.Err(err)
+					}
+
+					// Copy image
+					// TODO: refactor to use structure instead of passing file name / string
+					//       or transform registryClient creds into auth compatible form, e.g.
+					//       {"auths":{"aws_account_id.dkr.ecr.region.amazonaws.com":{"username":"AWS","password":"..."	}}}
+					log.Ctx(lctx).Trace().Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copy image")
+					if err := copyImage(srcRef.DockerReference().String(), authFile.Name(), targetImage, p.registryClient.Credentials()); err != nil {
+						log.Ctx(lctx).Err(err).Str("source", srcRef.DockerReference().String()).Str("target", targetImage).Msg("copying image to target registry failed")
+					}
 				}
 			}
 

diff --git a/upd.sh b/upd.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# set -e
+
+tag=$1
+
+rm -f k8s-image-swapper
+GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build
+
+docker build -t k8s-image-swapper:"$tag" .
+
+
+push_thing () {
+  local tag=$1
+  local account=$2
+  local region=$3
+  docker tag k8s-image-swapper:"$tag" "$account".dkr.ecr."$region".amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"
+  AWS_PROFILE=stageeng docker push "${account}".dkr.ecr."$region".amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"
+}
+
+# for r in us-west-2 ap-southeast-2 us-east-1 eu-west-1; do
+# for a in "520455238173" "035088524874"; do
+#   for r in us-west-2 ap-southeast-2 us-east-1 eu-west-1; do
+#     push_thing "$1" "${a}" "${r}" &
+#   done
+# done
+
+push_thing "$1" "520455238173" "us-west-2"
+# push_thing "$1" "035088524874" "us-wnest-2"
+
+kubectl --context dev-us-west-2 -n kube-system set image deploy/k8s-image-swapper k8s-image-swapper=520455238173.dkr.ecr.us-west-2.amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"
+# kubectl --context stage-us-west-2 -n kube-system set image deploy/k8s-image-swapper k8s-image-swapper=035088524874.dkr.ecr.us-west-2.amazonaws.com/ghcr.io/estahn/k8s-image-swapper:"$tag"