Setup registry.conf Env Vars for Buildah

* Remove build-registry-conf mount
* Supply ConfigMap for build-system-configs mount
* Mount build-system-configs for all build containers
* Rename registry config -> build system config

JIRA-ID: [DEVEXP-154](https://jira.coreos.com/browse/DEVEXP-154)

Author: adambkaplan

pkg/build/buildapihelpers/util.go

@@ -9,9 +9,9 @@ import (
 
 const (
 	// buildPodSuffix is the suffix used to append to a build pod name given a build name
-	buildPodSuffix              = "build"
-	caConfigMapSuffix           = "ca"
-	registryConfConfigMapSuffix = "registry-conf"
+	buildPodSuffix           = "build"
+	caConfigMapSuffix        = "ca"
+	sysConfigConfigMapSuffix = "sys-config"
 )
 
 // GetBuildPodName returns name of the build pod.
@@ -25,10 +25,10 @@ func GetBuildCAConfigMapName(build *buildv1.Build) string {
 	return apihelpers.GetConfigMapName(build.Name, caConfigMapSuffix)
 }
 
-// GetBuildRegistryConfigMapName returns the name of the ConfigMap containing the build's
+// GetBuildSystemConfigMapName returns the name of the ConfigMap containing the build's
 // registry configuration.
-func GetBuildRegistryConfigMapName(build *buildv1.Build) string {
-	return apihelpers.GetConfigMapName(build.Name, registryConfConfigMapSuffix)
+func GetBuildSystemConfigMapName(build *buildv1.Build) string {
+	return apihelpers.GetConfigMapName(build.Name, sysConfigConfigMapSuffix)
 }
 
 func StrategyType(strategy buildv1.BuildStrategy) string {

pkg/build/controller/build/build_controller.go

@@ -969,13 +969,13 @@ func (bc *BuildController) createBuildPod(build *buildv1.Build) (*buildUpdate, e
 				return update, err
 			}
 		}
-		hasRegistryConf, err := bc.findOwnedConfigMap(existingPod, build.Namespace, buildapihelpers.GetBuildRegistryConfigMapName(build))
+		hasRegistryConf, err := bc.findOwnedConfigMap(existingPod, build.Namespace, buildapihelpers.GetBuildSystemConfigMapName(build))
 		if err != nil {
 			return update, fmt.Errorf("could not find registry config for build: %v", err)
 		}
 		if !hasRegistryConf {
 			// Create the registry config ConfigMap to mount the regsitry config to the existing build pod
-			update, err = bc.createBuildRegistryConfConfigMap(build, existingPod, update)
+			update, err = bc.createBuildSystemConfConfigMap(build, existingPod, update)
 			if err != nil {
 				return update, err
 			}
@@ -989,7 +989,7 @@ func (bc *BuildController) createBuildPod(build *buildv1.Build) (*buildUpdate, e
 			return update, err
 		}
 		// Create the registry config ConfigMap to mount the registry configuration into the build pod
-		update, err = bc.createBuildRegistryConfConfigMap(build, pod, update)
+		update, err = bc.createBuildSystemConfConfigMap(build, pod, update)
 		if err != nil {
 			return nil, err
 		}
@@ -1498,23 +1498,23 @@ func (bc *BuildController) findOwnedConfigMap(owner *corev1.Pod, namespace strin
 	return true, nil
 }
 
-func (bc *BuildController) createBuildRegistryConfConfigMap(build *buildv1.Build, buildPod *corev1.Pod, update *buildUpdate) (*buildUpdate, error) {
-	configMapSpec := bc.createBuildRegistryConfigMapSpec(build, buildPod)
+func (bc *BuildController) createBuildSystemConfConfigMap(build *buildv1.Build, buildPod *corev1.Pod, update *buildUpdate) (*buildUpdate, error) {
+	configMapSpec := bc.createBuildSystemConfigMapSpec(build, buildPod)
 	configMap, err := bc.configMapClient.ConfigMaps(build.Namespace).Create(configMapSpec)
 	if err != nil {
-		bc.recorder.Eventf(build, corev1.EventTypeWarning, "FailedCreate", "Error creating build registry config configMap: %v", err)
-		update.setReason("CannotCreateRegistryConfConfigMap")
-		update.setMessage(buildutil.StatusMessageCannotCreateRegistryConfConfigMap)
-		return update, fmt.Errorf("failed to create build registry config configMap: %v", err)
+		bc.recorder.Eventf(build, corev1.EventTypeWarning, "FailedCreate", "Error creating build system config configMap: %v", err)
+		update.setReason("CannotCreateBuildSysConfigMap")
+		update.setMessage(buildutil.StatusMessageCannotCreateBuildSysConfigMap)
+		return update, fmt.Errorf("failed to create build system config configMap: %v", err)
 	}
-	glog.V(4).Infof("Created registry config configMap %s/%s for build %s", build.Namespace, configMap.Name, buildDesc(build))
+	glog.V(4).Infof("Created build system config configMap %s/%s for build %s", build.Namespace, configMap.Name, buildDesc(build))
 	return update, nil
 }
 
-func (bc *BuildController) createBuildRegistryConfigMapSpec(build *buildv1.Build, buildPod *corev1.Pod) *corev1.ConfigMap {
+func (bc *BuildController) createBuildSystemConfigMapSpec(build *buildv1.Build, buildPod *corev1.Pod) *corev1.ConfigMap {
 	cm := &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: buildapihelpers.GetBuildRegistryConfigMapName(build),
+			Name: buildapihelpers.GetBuildSystemConfigMapName(build),
 			OwnerReferences: []metav1.OwnerReference{
 				makeBuildPodOwnerRef(buildPod),
 			},

pkg/build/controller/build/build_controller_test.go

@@ -378,7 +378,7 @@ func TestHandleBuild(t *testing.T) {
 					}
 					if !registryConfigMapCreated {
 						registryConfigMapCreated = true
-						return true, mockBuilRegistryConfigMap(tc.build, newPod), nil
+						return true, mockBuildSystemConfigMap(tc.build, newPod), nil
 					}
 					return false, nil, nil
 				})
@@ -1227,18 +1227,21 @@ func TestCreateBuildRegistryConfConfigMap(t *testing.T) {
 	defer bc.stop()
 	build := dockerStrategy(mockBuild(buildv1.BuildPhaseNew, buildv1.BuildOutput{}))
 	pod := mockBuildPod(build)
-	caMap := bc.createBuildRegistryConfigMapSpec(build, pod)
+	caMap := bc.createBuildSystemConfigMapSpec(build, pod)
 	if caMap == nil {
-		t.Error("registry config configMap was not created")
+		t.Error("build system config configMap was not created")
 	}
 	if !hasBuildPodOwnerRef(pod, caMap) {
-		t.Error("registry conf configMap is missing owner ref to the build pod")
+		t.Error("build system config configMap is missing owner ref to the build pod")
 	}
 	if _, hasConf := caMap.Data[buildutil.RegistryConfKey]; !hasConf {
-		t.Errorf("expected registry conf configMap to have key %s", buildutil.RegistryConfKey)
+		t.Errorf("expected build system config configMap to have key %s", buildutil.RegistryConfKey)
 	}
 	if caMap.Data[buildutil.RegistryConfKey] != dummyRegistryConf {
-		t.Errorf("expected registry conf configMap.%s to contain\n%s\ngot:\n%s", buildutil.RegistryConfKey, dummyCA, caMap.Data[buildutil.RegistryConfKey])
+		t.Errorf("expected build system config configMap.%s to contain\n%s\ngot:\n%s",
+			buildutil.RegistryConfKey,
+			dummyCA,
+			caMap.Data[buildutil.RegistryConfKey])
 	}
 }
 
@@ -1623,9 +1626,9 @@ func mockBuildCAConfigMap(build *buildv1.Build, pod *corev1.Pod) *corev1.ConfigM
 	return cm
 }
 
-func mockBuilRegistryConfigMap(build *buildv1.Build, pod *corev1.Pod) *corev1.ConfigMap {
+func mockBuildSystemConfigMap(build *buildv1.Build, pod *corev1.Pod) *corev1.ConfigMap {
 	cm := &corev1.ConfigMap{}
-	cm.Name = buildapihelpers.GetBuildRegistryConfigMapName(build)
+	cm.Name = buildapihelpers.GetBuildSystemConfigMapName(build)
 	cm.Namespace = build.Namespace
 	if pod != nil {
 		pod.OwnerReferences = []metav1.OwnerReference{

pkg/build/controller/strategy/custom.go

@@ -137,9 +137,8 @@ func (bs *CustomBuildStrategy) CreateBuildPod(build *buildv1.Build, includeAddit
 	setupSourceSecrets(pod, &pod.Spec.Containers[0], build.Spec.Source.SourceSecret)
 	setupInputSecrets(pod, &pod.Spec.Containers[0], build.Spec.Source.Secrets)
 	setupAdditionalSecrets(pod, &pod.Spec.Containers[0], build.Spec.Strategy.CustomStrategy.Secrets)
-	setupContainersConfigs(pod, &pod.Spec.Containers[0])
+	setupContainersConfigs(build, pod)
 	setupBuildCAs(build, pod, includeAdditionalCA)
-	setupRegistries(build, pod)
 	setupContainersStorage(pod, &pod.Spec.Containers[0]) // for unprivileged builds
 	return pod, nil
 }

pkg/build/controller/strategy/custom_test.go

@@ -66,18 +66,16 @@ func TestCustomCreateBuildPod(t *testing.T) {
 	// additional secrets
 	// build-system-configmap
 	// certificate authorities
-	// registry config
 	// container storage
-	if len(container.VolumeMounts) != 8 {
-		t.Fatalf("Expected 8 volumes in container, got %d", len(container.VolumeMounts))
+	if len(container.VolumeMounts) != 7 {
+		t.Fatalf("Expected 7 volumes in container, got %d", len(container.VolumeMounts))
 	}
 	expectedMounts := []string{"/var/run/docker.sock",
 		DockerPushSecretMountPath,
 		sourceSecretMountPath,
 		"secret",
 		ConfigMapBuildSystemConfigsMountPath,
 		ConfigMapCertsMountPath,
-		ConfigMapRegistryConfMountPath,
 		"/var/lib/containers/storage",
 	}
 	for i, expected := range expectedMounts {
@@ -96,8 +94,8 @@ func TestCustomCreateBuildPod(t *testing.T) {
 	if !kapihelper.Semantic.DeepEqual(container.Resources, build.Spec.Resources) {
 		t.Fatalf("Expected actual=expected, %v != %v", container.Resources, build.Spec.Resources)
 	}
-	if len(actual.Spec.Volumes) != 8 {
-		t.Fatalf("Expected 8 volumes in Build pod, got %d", len(actual.Spec.Volumes))
+	if len(actual.Spec.Volumes) != 7 {
+		t.Fatalf("Expected 7 volumes in Build pod, got %d", len(actual.Spec.Volumes))
 	}
 	buildJSON, _ := runtime.Encode(customBuildEncodingCodecFactory.LegacyCodec(buildv1.GroupVersion), build)
 	errorCases := map[int][]string{

pkg/build/controller/strategy/docker.go

@@ -146,7 +146,6 @@ func (bs *DockerBuildStrategy) CreateBuildPod(build *buildv1.Build, includeAddit
 			Resources:       build.Spec.Resources,
 		}
 		setupDockerSecrets(pod, &extractImageContentContainer, build.Spec.Output.PushSecret, strategy.PullSecret, build.Spec.Source.Images)
-		setupContainersConfigs(pod, &extractImageContentContainer)
 		setupContainersStorage(pod, &extractImageContentContainer)
 		pod.Spec.InitContainers = append(pod.Spec.InitContainers, extractImageContentContainer)
 	}
@@ -180,9 +179,8 @@ func (bs *DockerBuildStrategy) CreateBuildPod(build *buildv1.Build, includeAddit
 	// TODO: consider moving this into the git-clone container and doing the secret copying there instead.
 	setupInputSecrets(pod, &pod.Spec.Containers[0], build.Spec.Source.Secrets)
 	setupInputConfigMaps(pod, &pod.Spec.Containers[0], build.Spec.Source.ConfigMaps)
-	setupContainersConfigs(pod, &pod.Spec.Containers[0])
+	setupContainersConfigs(build, pod)
 	setupBuildCAs(build, pod, includeAdditionalCA)
-	setupRegistries(build, pod)
 	setupContainersStorage(pod, &pod.Spec.Containers[0]) // for unprivileged builds
 	// setupContainersNodeStorage(pod, &pod.Spec.Containers[0]) // for privileged builds
 	return pod, nil

pkg/build/controller/strategy/docker_test.go

@@ -70,10 +70,9 @@ func TestDockerCreateBuildPod(t *testing.T) {
 	// inputconfigmap
 	// build-system-config
 	// certificate authorities
-	// registry config
 	// container storage
-	if len(container.VolumeMounts) != 9 {
-		t.Fatalf("Expected 9 volumes in container, got %d", len(container.VolumeMounts))
+	if len(container.VolumeMounts) != 8 {
+		t.Fatalf("Expected 8 volumes in container, got %d", len(container.VolumeMounts))
 	}
 	if *actual.Spec.ActiveDeadlineSeconds != 60 {
 		t.Errorf("Expected ActiveDeadlineSeconds 60, got %d", *actual.Spec.ActiveDeadlineSeconds)
@@ -85,7 +84,6 @@ func TestDockerCreateBuildPod(t *testing.T) {
 		filepath.Join(ConfigMapBuildSourceBaseMountPath, "build-config"),
 		ConfigMapBuildSystemConfigsMountPath,
 		ConfigMapCertsMountPath,
-		ConfigMapRegistryConfMountPath,
 		"/var/lib/containers/storage",
 	}
 	for i, expected := range expectedMounts {
@@ -94,8 +92,8 @@ func TestDockerCreateBuildPod(t *testing.T) {
 		}
 	}
 	// build pod has an extra volume: the git clone source secret
-	if len(actual.Spec.Volumes) != 10 {
-		t.Fatalf("Expected 10 volumes in Build pod, got %d", len(actual.Spec.Volumes))
+	if len(actual.Spec.Volumes) != 9 {
+		t.Fatalf("Expected 9 volumes in Build pod, got %d", len(actual.Spec.Volumes))
 	}
 	if !kapihelper.Semantic.DeepEqual(container.Resources, build.Spec.Resources) {
 		t.Fatalf("Expected actual=expected, %v != %v", container.Resources, build.Spec.Resources)

pkg/build/controller/strategy/sti.go

@@ -151,7 +151,6 @@ func (bs *SourceBuildStrategy) CreateBuildPod(build *buildv1.Build, includeAddit
 			Resources:       build.Spec.Resources,
 		}
 		setupDockerSecrets(pod, &extractImageContentContainer, build.Spec.Output.PushSecret, strategy.PullSecret, build.Spec.Source.Images)
-		setupContainersConfigs(pod, &extractImageContentContainer)
 		setupContainersStorage(pod, &extractImageContentContainer)
 		pod.Spec.InitContainers = append(pod.Spec.InitContainers, extractImageContentContainer)
 	}
@@ -185,9 +184,8 @@ func (bs *SourceBuildStrategy) CreateBuildPod(build *buildv1.Build, includeAddit
 	// TODO: consider moving this into the git-clone container and doing the secret copying there instead.
 	setupInputSecrets(pod, &pod.Spec.Containers[0], build.Spec.Source.Secrets)
 	setupInputConfigMaps(pod, &pod.Spec.Containers[0], build.Spec.Source.ConfigMaps)
-	setupContainersConfigs(pod, &pod.Spec.Containers[0])
+	setupContainersConfigs(build, pod)
 	setupBuildCAs(build, pod, includeAdditionalCA)
-	setupRegistries(build, pod)
 	setupContainersStorage(pod, &pod.Spec.Containers[0]) // for unprivileged builds
 	// setupContainersNodeStorage(pod, &pod.Spec.Containers[0]) // for privileged builds
 	return pod, nil

pkg/build/controller/strategy/sti_test.go

@@ -110,10 +110,9 @@ func testSTICreateBuildPod(t *testing.T, rootAllowed bool) {
 	// inputconfigmap
 	// build-system-configmap
 	// certificate authorities
-	// registry conf
 	// container storage
-	if len(container.VolumeMounts) != 9 {
-		t.Fatalf("Expected 9 volumes in container, got %d %v", len(container.VolumeMounts), container.VolumeMounts)
+	if len(container.VolumeMounts) != 8 {
+		t.Fatalf("Expected 8 volumes in container, got %d %v", len(container.VolumeMounts), container.VolumeMounts)
 	}
 	expectedMounts := []string{buildutil.BuildWorkDirMount,
 		DockerPushSecretMountPath,
@@ -122,7 +121,6 @@ func testSTICreateBuildPod(t *testing.T, rootAllowed bool) {
 		filepath.Join(ConfigMapBuildSourceBaseMountPath, "configmap"),
 		ConfigMapBuildSystemConfigsMountPath,
 		ConfigMapCertsMountPath,
-		ConfigMapRegistryConfMountPath,
 		"/var/lib/containers/storage",
 	}
 	for i, expected := range expectedMounts {
@@ -131,8 +129,8 @@ func testSTICreateBuildPod(t *testing.T, rootAllowed bool) {
 		}
 	}
 	// build pod has an extra volume: the git clone source secret
-	if len(actual.Spec.Volumes) != 10 {
-		t.Fatalf("Expected 10 volumes in Build pod, got %d", len(actual.Spec.Volumes))
+	if len(actual.Spec.Volumes) != 9 {
+		t.Fatalf("Expected 9 volumes in Build pod, got %d", len(actual.Spec.Volumes))
 	}
 	if *actual.Spec.ActiveDeadlineSeconds != 60 {
 		t.Errorf("Expected ActiveDeadlineSeconds 60, got %d", *actual.Spec.ActiveDeadlineSeconds)