This PR does the following things:

1. add new registry api under resources.kubesphere.io/v1alpha3 2. deprecate registry api v1alpha2 Registry API v1alpha2 uses docker client to authenticate image registry secret, which depends on docker.sock. We used to mount host `/var/run/docker.sock` to deployment. It will prevent us imgrating to containerd since no `docker.sock` exists. Registry API v1alpha3 comes to rescure, it wraps library go-containerregistry and compatible with docker registry, Harbor etc.
2021-08-23 19:56:28 +08:00
parent c740fef5b4
commit 3d2fd1b538
88 changed files with 10002 additions and 16 deletions
--- a/pkg/models/registries/v2/registry_helper.go
+++ b/pkg/models/registries/v2/registry_helper.go
@@ -0,0 +1,52 @@
+package v2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+)
+
+type RegistryHelper interface {
+	// check if secret has correct credential to authenticate with remote registry
+	Auth(secret *corev1.Secret) (bool, error)
+
+	// fetch OCI Image Manifest, specification described as in https://github.com/opencontainers/image-spec/blob/main/manifest.md
+	Config(secret *corev1.Secret, image string) (*ImageConfig, error)
+
+	// list all tags of given repository, experimental
+	ListRepositoryTags(secret *corev1.Secret, repository string) (RepositoryTags, error)
+}
+
+type registryHelper struct{}
+
+func NewRegistryHelper() RegistryHelper {
+	return &registryHelper{}
+}
+
+func (r *registryHelper) Auth(secret *corev1.Secret) (bool, error) {
+	secretAuth, err := NewSecretAuthenticator(secret)
+	if err != nil {
+		return false, err
+	}
+
+	return secretAuth.Auth()
+}
+
+func (r *registryHelper) Config(secret *corev1.Secret, image string) (*ImageConfig, error) {
+	secretAuth, err := NewSecretAuthenticator(secret)
+	if err != nil {
+		return nil, err
+	}
+
+	registryer := NewRegistryer(secretAuth.Options()...)
+	config, err := registryer.Config(image)
+	return &ImageConfig{ConfigFile: config}, err
+}
+
+func (r *registryHelper) ListRepositoryTags(secret *corev1.Secret, image string) (RepositoryTags, error) {
+	secretAuth, err := NewSecretAuthenticator(secret)
+	if err != nil {
+		return RepositoryTags{}, err
+	}
+
+	registryer := NewRegistryer(secretAuth.Options()...)
+	return registryer.ListRepositoryTags(image)
+}