NODE-5583 add dockerhub auth

wallarm · Aug 9, 2024 · 80e4272 · 80e4272
1 parent 234ec88
commit 80e4272
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 1 deletion.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -37,8 +37,22 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Import secrets
+        uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0
+        id: secrets
+        with:
+          exportEnv: true
+          url: ${{ secrets.VAULT_URL }}
+          role: ${{ secrets.VAULT_ROLE }}
+          method: kubernetes
+          path: kubernetes-ci
+          secrets: |
+            kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ;
+            kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ;
+
       - name: Build
         run: |
+          echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_USER} --password-stdin
           IMAGE="wallarm/sidecar-controller"
           make build TAG=${GITHUB_SHA} IMAGE=${IMAGE} PLATFORMS=linux/${{ matrix.ARCH }} BUILDX_ARGS=--load
           docker save -o sidecar-${{ matrix.ARCH }}.tar ${IMAGE}:${GITHUB_SHA}
@@ -117,6 +131,8 @@ jobs:
             kv-gitlab-ci/data/github/${{ env.env_code }} allure_server_token ;
             kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_name ;
             kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ;
+            kv-gitlab-ci/data/github/shared/dockerhub-creds user ;
+            kv-gitlab-ci/data/github/shared/dockerhub-creds password ;
       
       - name: Checkout
         uses: actions/checkout@v4
@@ -136,6 +152,8 @@ jobs:
         env:
           SKIP_CLUSTER_CREATION: true
           SKIP_IMAGE_CREATION: true
+          DOCKERHUB_USER: ${{ steps.secrets.outputs.user }}
+          DOCKERHUB_PASSWORD: ${{ steps.secrets.outputs.password }}
           INJECTION_STRATEGY: ${{ matrix.INJECTION_STRATEGY }}
           WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }}
           WALLARM_API_HOST: ${{ steps.secrets.outputs.api_host }}

diff --git a/test/smoke/run.sh b/test/smoke/run.sh
@@ -27,6 +27,17 @@ export INJECTION_STRATEGY="${INJECTION_STRATEGY:-single}"
 
 K8S_VERSION=${K8S_VERSION:-1.28.7}
 
+DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/"
+
+# This will prevent the secret for index.docker.io from being used if the DOCKERHUB_USER is not set.
+if [ "${DOCKERHUB_USER:-false}" = "false" ]; then
+  DOCKERHUB_REGISTRY_SERVER="fake_docker_registry_server"
+fi
+
+DOCKERHUB_SECRET_NAME="dockerhub-secret"
+DOCKERHUB_USER="${DOCKERHUB_USER:-fake_user}"
+DOCKERHUB_PASSWORD="${DOCKERHUB_PASSWORD:-fake_password}"
+
 set -o errexit
 set -o nounset
 set -o pipefail
@@ -72,6 +83,15 @@ EOF
   fi
 fi
 
+# create docker-registry secret
+echo "[test-env] creating secret docker-registry ..."
+kubectl create secret docker-registry ${DOCKERHUB_SECRET_NAME} \
+    --docker-server=${DOCKERHUB_REGISTRY_SERVER} \
+    --docker-username="${DOCKERHUB_USER}" \
+    --docker-password="${DOCKERHUB_PASSWORD}" \
+    [email protected]
+
+
 if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then
   echo "[test-env] building sidecar image..."
   make -C "${DIR}"/../../ build TAG=${TAG}
@@ -87,6 +107,9 @@ else
   IMAGE_PULL_POLICY="IfNotPresent"
 fi
 
+
+
+
 echo "[test-env] installing cert-manager"
 helm repo add jetstack https://charts.jetstack.io/
 helm repo update jetstack
@@ -95,6 +118,8 @@ helm upgrade --install cert-manager jetstack/cert-manager --set installCRDs=true
 echo "[test-env] installing Helm chart using TAG=${TAG} ..."
 
 cat << EOF | helm upgrade --install sidecar-controller "${DIR}/../../helm" --wait --debug --values -
+imagePullSecrets:
+  - name: ${DOCKERHUB_SECRET_NAME}
 config:
   sidecar:
     image:

diff --git a/test/smoke/workload.yaml b/test/smoke/workload.yaml
@@ -118,6 +118,8 @@ spec:
         sidecar.wallarm.io/proxy-extra-volume-mounts: '[{"name": "nginx-http-extra-config", "mountPath": "/nginx_include/sidecar-config.conf", "subPath": "sidecar-include.conf"}]'
         sidecar.wallarm.io/nginx-server-include: "['/nginx_include/sidecar-config.conf']"
     spec:
+      imagePullSecrets:
+        - name: dockerhub-secret
       containers:
         - name: nginx
           image: nginx:stable-alpine
@@ -146,4 +148,4 @@ spec:
       targetPort: 80
       nodePort: 30000
   selector:
-    app: workload
+    app: workload