search

rode / enforcer-k8s

Apache License 2.0
0 stars 0 forks source link

Handle image pull secrets #10

Closed alexashley closed 3 years ago

alexashley commented 3 years ago

Updates the enforcer to grab any image pull secrets and send them when the auth key in the secret matches the registry.

I've been testing with the demo by leaving the Harbor project set to private and doing the following:

kubectl create ns test
kubectl label ns test enforcer-k8s=enabled
kubectl -n test create secret docker-registry harbor --docker-server=https://harbor.localhost/rode-demo --docker-username=admin --docker-password=$HARBOR_PASSWORD
kubectl apply -f pod.yaml

where pod.yaml is

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
  namespace: test
spec:
  containers:
    - image: harbor.localhost/rode-demo/nginx:latest
      name: nginx
      resources: {}
  imagePullSecrets:
    - name: "harbor"
codecov-commenter commented 3 years ago

Codecov Report

Merging #10 (2536c9a) into main (f65d011) will not change coverage. The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##              main       #10   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           97       133   +36     
=========================================
+ Hits            97       133   +36
Impacted Files Coverage Δ
enforcer/enforcer.go 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update f65d011...2536c9a. Read the comment docs.