feat: add registry namespace rewrite policy

kubesphere · Feb 13, 2025 · f9cd188 · f9cd188
1 parent b3b4931
commit f9cd188
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 24 deletions.
diff --git a/cmd/kk/apis/kubekey/v1alpha2/cluster_types.go b/cmd/kk/apis/kubekey/v1alpha2/cluster_types.go
@@ -115,6 +115,22 @@ type RegistryConfig struct {
 	NamespaceOverride  string               `yaml:"namespaceOverride" json:"namespaceOverride,omitempty"`
 	BridgeIP           string               `yaml:"bridgeIP" json:"bridgeIP,omitempty"`
 	Auths              runtime.RawExtension `yaml:"auths" json:"auths,omitempty"`
+	NamespaceRewrite   *NamespaceRewrite    `yaml:"namespaceRewrite" json:"namespaceRewrite"`
+}
+
+// NamespaceRewritePolicy define namespaceRewrite policy
+type NamespaceRewritePolicy string
+
+const (
+	// ChangePrefix change image namespace prefix
+	ChangePrefix NamespaceRewritePolicy = "changePrefix"
+)
+
+// NamespaceRewrite ...
+type NamespaceRewrite struct {
+	Policy NamespaceRewritePolicy
+	Src    []string `yaml:"src" json:"src"`
+	Dest   string   `yaml:"dest" json:"dest"`
 }
 
 // KubeSphere defines the configuration information of the KubeSphere.

diff --git a/cmd/kk/pkg/images/images.go b/cmd/kk/pkg/images/images.go
@@ -19,9 +19,11 @@ package images
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/pkg/errors"
 
+	"github.com/kubesphere/kubekey/v3/cmd/kk/apis/kubekey/v1alpha2"
 	kubekeyapiv1alpha2 "github.com/kubesphere/kubekey/v3/cmd/kk/apis/kubekey/v1alpha2"
 	"github.com/kubesphere/kubekey/v3/cmd/kk/pkg/common"
 	"github.com/kubesphere/kubekey/v3/cmd/kk/pkg/core/connector"
@@ -42,6 +44,7 @@ type Image struct {
 	Tag               string
 	Group             string
 	Enable            bool
+	NamespaceRewrite  *v1alpha2.NamespaceRewrite
 }
 
 // Images contains a list of Image
@@ -94,6 +97,30 @@ func (image Image) ImageRepo() string {
 		}
 	}
 
+	if image.NamespaceRewrite != nil {
+		switch image.NamespaceRewrite.Policy {
+		case v1alpha2.ChangePrefix:
+			matchSrc := ""
+			for _, src := range image.NamespaceRewrite.Src {
+				if strings.Contains(image.Namespace, src) {
+					matchSrc = src
+				}
+			}
+			modifiedNamespace := ""
+			if matchSrc == "" {
+				// 没匹配到要修改的namespace，添加前缀
+				modifiedNamespace = fmt.Sprintf("%s/%s", image.NamespaceRewrite.Dest, image.Namespace)
+			} else {
+				// 匹配到了，直接替换
+				modifiedNamespace = strings.ReplaceAll(image.Namespace, matchSrc, image.NamespaceRewrite.Dest)
+			}
+			logger.Log.Debugf("changed iamge namespace: %s -> %s", image.Namespace, modifiedNamespace)
+			image.Namespace = modifiedNamespace
+		default:
+			logger.Log.Warn("namespace rewrite action not specified")
+		}
+	}
+
 	if image.RepoAddr == "" {
 		if image.Namespace == "" {
 			prefix = ""
@@ -131,30 +158,31 @@ func (images *Images) PullImages(runtime connector.Runtime, kubeConf *common.Kub
 
 	host := runtime.RemoteHost()
 
-    for _, image := range images.Images {
-        switch {
-        case host.IsRole(common.Master) && image.Group == kubekeyapiv1alpha2.Master && image.Enable,
-            host.IsRole(common.Worker) && image.Group == kubekeyapiv1alpha2.Worker && image.Enable,
-            (host.IsRole(common.Master) || host.IsRole(common.Worker)) && image.Group == kubekeyapiv1alpha2.K8s && image.Enable,
-            host.IsRole(common.ETCD) && image.Group == kubekeyapiv1alpha2.Etcd && image.Enable:
-
-            logger.Log.Messagef(host.GetName(), "downloading image: %s", image.ImageName())
-
-            var pullCommand string
-            if pullCmd == "crictl" {
-                pullCommand = fmt.Sprintf("env PATH=$PATH %s pull %s", pullCmd, image.ImageName())
-            } else {
-                pullCommand = fmt.Sprintf("env PATH=$PATH %s pull %s --platform %s", pullCmd, image.ImageName(), host.GetArch())
-            }
-
-            if _, err := runtime.GetRunner().SudoCmd(pullCommand, false); err != nil {
-                return errors.Wrap(err, "pull image failed")
-            }
-        default:
-            continue
-        }
-    }
-    return nil
+	for _, image := range images.Images {
+		switch {
+		case host.IsRole(common.Master) && image.Group == kubekeyapiv1alpha2.Master && image.Enable,
+			host.IsRole(common.Worker) && image.Group == kubekeyapiv1alpha2.Worker && image.Enable,
+			(host.IsRole(common.Master) || host.IsRole(common.Worker)) && image.Group == kubekeyapiv1alpha2.K8s && image.Enable,
+			host.IsRole(common.ETCD) && image.Group == kubekeyapiv1alpha2.Etcd && image.Enable:
+
+			imagePullName := image.ImageName()
+			logger.Log.Messagef(host.GetName(), "downloading image: %s", imagePullName)
+
+			var pullCommand string
+			if pullCmd == "crictl" {
+				pullCommand = fmt.Sprintf("env PATH=$PATH %s pull %s", pullCmd, imagePullName)
+			} else {
+				pullCommand = fmt.Sprintf("env PATH=$PATH %s pull %s --platform %s", pullCmd, imagePullName, host.GetArch())
+			}
+
+			if _, err := runtime.GetRunner().SudoCmd(pullCommand, false); err != nil {
+				return errors.Wrap(err, "pull image failed")
+			}
+		default:
+			continue
+		}
+	}
+	return nil
 }
 
 // DefaultRegistry is used to get default registry address.

diff --git a/cmd/kk/pkg/images/tasks.go b/cmd/kk/pkg/images/tasks.go
@@ -150,6 +150,9 @@ func GetImage(runtime connector.ModuleRuntime, kubeConf *common.KubeConf, name s
 	if kubeConf.Cluster.Registry.NamespaceOverride != "" {
 		image.NamespaceOverride = kubeConf.Cluster.Registry.NamespaceOverride
 	}
+	if kubeConf.Cluster.Registry.NamespaceRewrite != nil {
+		image.NamespaceRewrite = kubeConf.Cluster.Registry.NamespaceRewrite
+	}
 	return image
 }
 
@@ -281,6 +284,7 @@ func (c *CopyImagesToRegistry) Execute(runtime connector.Runtime) error {
 			NamespaceOverride: "",
 			Repo:              imageName,
 			Tag:               imageTag,
+			NamespaceRewrite:  c.KubeConf.Cluster.Registry.NamespaceRewrite,
 		}
 
 		uniqueImage, p := ParseImageWithArchTag(image.ImageName())

diff --git a/docs/config-example.md b/docs/config-example.md
@@ -165,6 +165,12 @@ spec:
         skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification.
         plainHTTP: false # Allow contacting registries over HTTP.
         certsPath: "/etc/docker/certs.d/dockerhub.kubekey.local" # Use certificates at path (*.crt, *.cert, *.key) to connect to the registry.
+    namespaceRewrite:
+      action: changePrefix
+      src: 
+        - kubesphere
+        - calico
+      dest: library
   addons: [] # You can install cloud-native addons (Chart or YAML) by using this field.
   #dns:
   #  ## Optional hosts file content to coredns use as /etc/hosts file.