mirror of https://github.com/k3s-io/k3s
fix acr sp access issue
andyzhangx
parent
b68c9440da
commit
a7e328c211
|
|
@ -40,6 +40,8 @@ var flagConfigFile = pflag.String("azure-container-registry-config", "",
|
||||||
|
|
||||||
const dummyRegistryEmail = "name@contoso.com"
|
const dummyRegistryEmail = "name@contoso.com"
|
||||||
|
|
||||||
|
var containerRegistryUrls = []string{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"}
|
||||||
|
|
||||||
// init registers the various means by which credentials may
|
// init registers the various means by which credentials may
|
||||||
// be resolved on Azure.
|
// be resolved on Azure.
|
||||||
func init() {
|
func init() {
|
||||||
|
|
@ -176,6 +178,7 @@ func (a *acrProvider) Provide() credentialprovider.DockerConfig {
|
||||||
ctx, cancel := getContextWithCancel()
|
ctx, cancel := getContextWithCancel()
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
|
if a.config.UseManagedIdentityExtension {
|
||||||
glog.V(4).Infof("listing registries")
|
glog.V(4).Infof("listing registries")
|
||||||
result, err := a.registryClient.List(ctx)
|
result, err := a.registryClient.List(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -185,22 +188,23 @@ func (a *acrProvider) Provide() credentialprovider.DockerConfig {
|
||||||
|
|
||||||
for ix := range result {
|
for ix := range result {
|
||||||
loginServer := getLoginServer(result[ix])
|
loginServer := getLoginServer(result[ix])
|
||||||
var cred *credentialprovider.DockerConfigEntry
|
glog.V(2).Infof("loginServer: %s", loginServer)
|
||||||
|
cred, err := getACRDockerEntryFromARMToken(a, loginServer)
|
||||||
if a.config.UseManagedIdentityExtension {
|
|
||||||
cred, err = getACRDockerEntryFromARMToken(a, loginServer)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
cfg[loginServer] = *cred
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
cred = &credentialprovider.DockerConfigEntry{
|
// Add our entry for each of the supported container registry URLs
|
||||||
|
for _, url := range containerRegistryUrls {
|
||||||
|
cred := &credentialprovider.DockerConfigEntry{
|
||||||
Username: a.config.AADClientID,
|
Username: a.config.AADClientID,
|
||||||
Password: a.config.AADClientSecret,
|
Password: a.config.AADClientSecret,
|
||||||
Email: dummyRegistryEmail,
|
Email: dummyRegistryEmail,
|
||||||
}
|
}
|
||||||
|
cfg[url] = *cred
|
||||||
}
|
}
|
||||||
|
|
||||||
cfg[loginServer] = *cred
|
|
||||||
}
|
}
|
||||||
return cfg
|
return cfg
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -43,19 +43,25 @@ func Test(t *testing.T) {
|
||||||
{
|
{
|
||||||
Name: to.StringPtr("foo"),
|
Name: to.StringPtr("foo"),
|
||||||
RegistryProperties: &containerregistry.RegistryProperties{
|
RegistryProperties: &containerregistry.RegistryProperties{
|
||||||
LoginServer: to.StringPtr("foo-microsoft.azurecr.io"),
|
LoginServer: to.StringPtr("*.azurecr.io"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: to.StringPtr("bar"),
|
Name: to.StringPtr("bar"),
|
||||||
RegistryProperties: &containerregistry.RegistryProperties{
|
RegistryProperties: &containerregistry.RegistryProperties{
|
||||||
LoginServer: to.StringPtr("bar-microsoft.azurecr.io"),
|
LoginServer: to.StringPtr("*.azurecr.cn"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: to.StringPtr("baz"),
|
Name: to.StringPtr("baz"),
|
||||||
RegistryProperties: &containerregistry.RegistryProperties{
|
RegistryProperties: &containerregistry.RegistryProperties{
|
||||||
LoginServer: to.StringPtr("baz-microsoft.azurecr.io"),
|
LoginServer: to.StringPtr("*.azurecr.de"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: to.StringPtr("bus"),
|
||||||
|
RegistryProperties: &containerregistry.RegistryProperties{
|
||||||
|
LoginServer: to.StringPtr("*.azurecr.us"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue