add support for credential provider plugin

Signed-off-by: Kuromesi <blackfacepan@163.com>
openkruise · Aug 23, 2023 · 6e0908b · 6e0908b
1 parent e6205a5
commit 6e0908b
Show file tree

Hide file tree

Showing 58 changed files with 7,238 additions and 3 deletions.
diff --git a/cmd/daemon/main.go b/cmd/daemon/main.go
@@ -17,6 +17,8 @@ limitations under the License.
 package main
 
 import (
+	"k8s.io/kubernetes/pkg/credentialprovider/plugin"
+
 	"flag"
 	"math/rand"
 	"net/http"
@@ -37,11 +39,15 @@ import (
 )
 
 var (
-	bindAddr  = flag.String("addr", ":10221", "The address the metric endpoint and healthz binds to.")
-	pprofAddr = flag.String("pprof-addr", ":10222", "The address the pprof binds to.")
+	bindAddr         = flag.String("addr", ":10221", "The address the metric endpoint and healthz binds to.")
+	pprofAddr        = flag.String("pprof-addr", ":10222", "The address the pprof binds to.")
+	pluginConfigFile string
+	pluginBinDir     string
 )
 
 func main() {
+	flag.StringVar(&pluginConfigFile, "pluginConfigFile", "/kruise/CredentialProviderPlugin.yaml", "The path of plugin config file.")
+	flag.StringVar(&pluginBinDir, "pluginBinDir", "/kruise/plugins", "The path of directory of plugin binaries.")
 	utilfeature.DefaultMutableFeatureGate.AddFlag(pflag.CommandLine)
 	klog.InitFlags(nil)
 	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
@@ -65,6 +71,12 @@ func main() {
 	if err != nil {
 		klog.Fatalf("Failed to new daemon: %v", err)
 	}
+
+	err = plugin.RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir)
+	if err != nil {
+		klog.Fatalf("Failed to register credential provider plugins: %v", err)
+	}
+
 	if err := d.Run(ctx); err != nil {
 		klog.Fatalf("Failed to start daemon: %v", err)
 	}

diff --git a/go.mod b/go.mod
@@ -139,6 +139,7 @@ require (
 	k8s.io/cloud-provider v0.24.16 // indirect
 	k8s.io/csi-translation-lib v0.24.16 // indirect
 	k8s.io/kube-scheduler v0.0.0 // indirect
+	k8s.io/kubelet v0.0.0 // indirect
 	k8s.io/mount-utils v0.24.16 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect

diff --git a/go.sum b/go.sum
@@ -1078,6 +1078,8 @@ k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 h1:Gii5eqf+GmIEwGNKQYQClC
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-scheduler v0.24.16 h1:ePzW7MAV7u5OrUMNHHxY5ioUQxFej7HcovuIcMzjRPU=
 k8s.io/kube-scheduler v0.24.16/go.mod h1:gQi1mRFuFeoM8zpuOy/2BZpiBhfjIJPAm0XDVrApZ4c=
+k8s.io/kubelet v0.24.16 h1:Mn0CdcRCejsE+ZVek3r8LDFHATA0xN1ISeMYYNDLdwo=
+k8s.io/kubelet v0.24.16/go.mod h1:Gcms9PYqcGVmiuH3Tmghp2wxhKCoMwtuAaGkQTBBUyA=
 k8s.io/kubernetes v1.24.16 h1:Q3sHckE7prKg4b7+fFhK9VqbFVRu6kEG3aSZ4aYp0ac=
 k8s.io/kubernetes v1.24.16/go.mod h1:LJ66K8sMVLCol0l5oJlWPaj59qXgWCCYZIaHHPm+5s8=
 k8s.io/mount-utils v0.24.16 h1:y52w5tQeo8ijVoAUm5Cht9eQdoojoG3bwA0nIo6FJ1A=

diff --git a/pkg/daemon/criruntime/imageruntime/helpers.go b/pkg/daemon/criruntime/imageruntime/helpers.go
@@ -38,10 +38,13 @@ import (
 )
 
 var (
-	keyring = credentialprovider.NewDockerKeyring()
+	keyring credentialprovider.DockerKeyring
 )
 
 func convertToRegistryAuths(pullSecrets []v1.Secret, repo string) (infos []daemonutil.AuthInfo, err error) {
+	if keyring == nil {
+		keyring = credentialprovider.NewDockerKeyring()
+	}
 	keyring, err := credentialprovidersecrets.MakeDockerKeyring(pullSecrets, keyring)
 	if err != nil {
 		return nil, err

diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go