[installer]: add image pull secrets to third-party container images

Author: Simon Emms

installer/pkg/common/common.go

@@ -264,10 +264,10 @@ func MessageBusWaiterContainer(ctx *RenderContext) *corev1.Container {
 	}
 }
 
-func KubeRBACProxyContainer() *corev1.Container {
+func KubeRBACProxyContainer(ctx *RenderContext) *corev1.Container {
 	return &corev1.Container{
 		Name:  "kube-rbac-proxy",
-		Image: "quay.io/brancz/kube-rbac-proxy:v0.11.0",
+		Image: ImageName(ThirdPartyContainerRepo(ctx.Config.Repository, KubeRBACProxyRepo), KubeRBACProxyImage, KubeRBACProxyTag),
 		Args: []string{
 			"--v=5",
 			"--logtostderr",

installer/pkg/common/constants.go

@@ -16,9 +16,13 @@ const (
 	BlobServeServicePort        = 4000
 	CertManagerCAIssuer         = "ca-issuer"
 	DockerRegistryName          = "registry"
+	GitpodContainerRegistry     = "eu.gcr.io/gitpod-core-dev/build"
 	InClusterDbSecret           = "mysql"
 	InClusterMessageQueueName   = "rabbitmq"
 	InClusterMessageQueueTLS    = "messagebus-certificates-secret-core"
+	KubeRBACProxyRepo           = "quay.io/brancz"
+	KubeRBACProxyImage          = "kube-rbac-proxy"
+	KubeRBACProxyTag            = "v0.11.0"
 	MinioServiceAPIPort         = 9000
 	MonitoringChart             = "monitoring"
 	ProxyComponent              = "proxy"

installer/pkg/components/agent-smith/daemonset.go

@@ -78,7 +78,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 							Privileged: pointer.Bool(true),
 							ProcMount:  func() *corev1.ProcMountType { r := corev1.DefaultProcMount; return &r }(),
 						},
-					}, *common.KubeRBACProxyContainer()},
+					}, *common.KubeRBACProxyContainer(ctx)},
 					Volumes: []corev1.Volume{{
 						Name: "config",
 						VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{

installer/pkg/components/blobserve/deployment.go

@@ -125,7 +125,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 								MountPath: "/mnt/pull-secret.json",
 								SubPath:   ".dockerconfigjson",
 							}},
-						}, *common.KubeRBACProxyContainer()},
+						}, *common.KubeRBACProxyContainer(ctx)},
 					},
 				},
 			},

installer/pkg/components/database/init/constants.go

@@ -6,6 +6,7 @@ package init
 
 const (
 	Component       = "dbinit"
+	dbSessionsRepo  = "docker.io"
 	dbSessionsImage = "mysql"
 	dbSessionsTag   = "5.7.34"
 	initScriptDir   = "files"

installer/pkg/components/database/init/job.go

@@ -47,7 +47,7 @@ func job(ctx *common.RenderContext) ([]runtime.Object, error) {
 					InitContainers: []corev1.Container{*common.DatabaseWaiterContainer(ctx)},
 					Containers: []corev1.Container{{
 						Name:            fmt.Sprintf("%s-session", Component),
-						Image:           fmt.Sprintf("%s:%s", dbSessionsImage, dbSessionsTag),
+						Image:           common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, dbSessionsRepo), dbSessionsImage, dbSessionsTag),
 						ImagePullPolicy: corev1.PullIfNotPresent,
 						Env: common.MergeEnv(
 							common.DatabaseEnv(&ctx.Config),

installer/pkg/components/image-builder-mk3/deployment.go

@@ -162,7 +162,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 							*common.InternalCAVolumeMount(),
 						},
 					},
-						*common.KubeRBACProxyContainer(),
+						*common.KubeRBACProxyContainer(ctx),
 					},
 				},
 			},

installer/pkg/components/proxy/constants.go

@@ -13,8 +13,12 @@ const (
 	ContainerHTTPSPort    = common.ProxyContainerHTTPSPort
 	ContainerHTTPSName    = common.ProxyContainerHTTPSName
 	PrometheusPort        = 9500
-	InitContainerImage    = "alpine:3.14"
-	KubeRBACProxyImage    = "quay.io/brancz/kube-rbac-proxy:v0.11.0"
+	InitContainerRepo     = "docker.io"
+	InitContainerImage    = "alpine"
+	InitContainerTag      = "3.14"
+	KubeRBACProxyRepo     = common.KubeRBACProxyRepo
+	KubeRBACProxyImage    = common.KubeRBACProxyImage
+	KubeRBACProxyTag      = common.KubeRBACProxyTag
 	MetricsContainerName  = "metrics"
 	ReadinessPort         = 8003
 	RegistryAuthSecret    = common.RegistryAuthSecret

installer/pkg/components/proxy/deployment.go

@@ -129,7 +129,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 						Volumes: volumes,
 						InitContainers: []corev1.Container{{
 							Name:            "sysctl",
-							Image:           InitContainerImage,
+							Image:           common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, InitContainerRepo), InitContainerImage, InitContainerTag),
 							ImagePullPolicy: corev1.PullIfNotPresent,
 							SecurityContext: &corev1.SecurityContext{
 								Privileged: pointer.Bool(true),
@@ -142,7 +142,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 						}},
 						Containers: []corev1.Container{{
 							Name:            "kube-rbac-proxy",
-							Image:           KubeRBACProxyImage,
+							Image:           common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, KubeRBACProxyRepo), KubeRBACProxyImage, KubeRBACProxyTag),
 							ImagePullPolicy: corev1.PullIfNotPresent,
 							Args: []string{
 								"--v=10",

installer/pkg/components/registry-facade/daemonset.go

@@ -176,7 +176,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 						}, volumeMounts...),
 					},
 
-						*common.KubeRBACProxyContainer(),
+						*common.KubeRBACProxyContainer(ctx),
 					},
 					Volumes: append([]corev1.Volume{{
 						Name:         "cache",

installer/pkg/components/server/deployment.go

@@ -149,7 +149,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 								MountPath: "/ws-manager-client-tls-certs",
 								ReadOnly:  true,
 							}},
-						}, *common.KubeRBACProxyContainer()},
+						}, *common.KubeRBACProxyContainer(ctx)},
 					},
 				},
 			},

installer/pkg/components/ws-daemon/daemonset.go

@@ -32,7 +32,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 	initContainers := []corev1.Container{
 		{
 			Name:  "disable-kube-health-monitor",
-			Image: "ubuntu:20.04",
+			Image: common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, "docker.io"), "ubuntu", "20.04"),
 			Command: []string{
 				"/usr/bin/nsenter",
 				"-t",
@@ -281,7 +281,7 @@ fi
 					Privileged: pointer.Bool(true),
 				},
 			},
-			*common.KubeRBACProxyContainer(),
+			*common.KubeRBACProxyContainer(ctx),
 		},
 		RestartPolicy:                 "Always",
 		TerminationGracePeriodSeconds: pointer.Int64(30),

installer/pkg/components/ws-manager-bridge/deployment.go

@@ -121,7 +121,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 								MountPath: "/ws-manager-client-tls-certs",
 								ReadOnly:  true,
 							}},
-						}, *common.KubeRBACProxyContainer()},
+						}, *common.KubeRBACProxyContainer(ctx)},
 					},
 				},
 			},

installer/pkg/components/ws-scheduler/deployment.go

@@ -96,7 +96,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 							MountPath: "/ws-manager-client-tls-certs",
 							ReadOnly:  true,
 						}},
-					}, *common.KubeRBACProxyContainer()},
+					}, *common.KubeRBACProxyContainer(ctx)},
 				},
 			},
 		},