From f13b1a526970e25df9e12c645836a4a4ba8b4fcc Mon Sep 17 00:00:00 2001
From: Tamal Saha <tamal@appscode.com>
Date: Sat, 27 Jan 2018 05:04:36 -0800
Subject: [PATCH] Support private docker registry in installer (#310)

* Support private docker registry in installer

* Add --image-pull-secret
---
 docs/setup/install.md               | 15 +++++++++++++++
 hack/deploy/admission/operator.yaml |  6 ++++--
 hack/deploy/operator.yaml           |  4 +++-
 hack/deploy/stash.sh                | 13 +++++++++++++
 4 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/docs/setup/install.md b/docs/setup/install.md
index 98419d634..9611b10c9 100644
--- a/docs/setup/install.md
+++ b/docs/setup/install.md
@@ -27,6 +27,8 @@ options:
 -h, --help                         show brief help
 -n, --namespace=NAMESPACE          specify namespace (default: kube-system)
     --rbac                         create RBAC roles and bindings
+    --docker-registry              docker registry used to pull stash images (default: appscode)
+    --image-pull-secret            name of secret used to pull stash operator images
     --run-on-master                run stash operator on master
     --enable-admission-webhook     configure admission webhook for stash CRDs
     --enable-initializer           configure stash operator as workload initializer
@@ -55,6 +57,19 @@ $ curl -fsSL https://raw.githubusercontent.com/appscode/stash/0.7.0-alpha.0/hack
     | bash -s -- --namespace=stash [--run-on-master] [--rbac]
 ```
 
+If you are using a private Docker registry, you need to pull the following 2 docker images:
+
+ - [appscode/stash](https://hub.docker.com/r/appscode/stash)
+ - [appscode/kubectl](https://hub.docker.com/r/appscode/kubectl)
+
+To pass the address of your private registry and optionally a image pull secret use flags `--docker-registry` and `--image-pull-secret` respectively.
+
+```console
+$ kubectl create namespace stash
+$ curl -fsSL https://raw.githubusercontent.com/appscode/stash/0.7.0-alpha.0/hack/deploy/stash.sh \
+    | bash -s -- --docker-registry=MY_REGISTRY [--image-pull-secret=SECRET_NAME] [--rbac]
+```
+
 Stash implements a [validating admission webhook](https://kubernetes.io/docs/admin/admission-controllers/#validatingadmissionwebhook-alpha-in-18-beta-in-19) to validate Stash CRDs. To enable this feature, pass the `--enable-admission-webhook` flag. _Please note that, this works with Kubernetes 1.9 or following versions_.
 
 ```console
diff --git a/hack/deploy/admission/operator.yaml b/hack/deploy/admission/operator.yaml
index 0102a6fd2..563cc0422 100644
--- a/hack/deploy/admission/operator.yaml
+++ b/hack/deploy/admission/operator.yaml
@@ -20,13 +20,15 @@ spec:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
       serviceAccountName: $STASH_SERVICE_ACCOUNT
+      imagePullSecrets: ["$STASH_IMAGE_PULL_SECRET"]
       containers:
       - name: operator
         args:
         - run
         - --v=3
         - --rbac=$STASH_ENABLE_RBAC
-        image: appscode/stash:0.7.0-alpha.0
+        - --docker-registry=$STASH_DOCKER_REGISTRY
+        image: $STASH_DOCKER_REGISTRY/stash:0.7.0-alpha.0
         ports:
         - containerPort: 56790
           name: http
@@ -53,7 +55,7 @@ spec:
         - --tls-cert-file=/var/serving-cert/tls.crt
         - --tls-private-key-file=/var/serving-cert/tls.key
         - --v=8
-        image: appscode/stash:admit
+        image: $STASH_DOCKER_REGISTRY/stash:0.7.0-alpha.0
         ports:
         - containerPort: 8443
         volumeMounts:
diff --git a/hack/deploy/operator.yaml b/hack/deploy/operator.yaml
index c183fa772..1d9c9811f 100644
--- a/hack/deploy/operator.yaml
+++ b/hack/deploy/operator.yaml
@@ -20,13 +20,15 @@ spec:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
       serviceAccountName: $STASH_SERVICE_ACCOUNT
+      imagePullSecrets: ["$STASH_IMAGE_PULL_SECRET"]
       containers:
       - name: operator
         args:
         - run
         - --v=3
         - --rbac=$STASH_ENABLE_RBAC
-        image: appscode/stash:0.7.0-alpha.0
+        - --docker-registry=$STASH_DOCKER_REGISTRY
+        image: $STASH_DOCKER_REGISTRY/stash:0.7.0-alpha.0
         ports:
         - containerPort: 56790
           name: http
diff --git a/hack/deploy/stash.sh b/hack/deploy/stash.sh
index 5f50fe61f..cab6a3d4c 100755
--- a/hack/deploy/stash.sh
+++ b/hack/deploy/stash.sh
@@ -10,6 +10,8 @@ export STASH_ENABLE_RBAC=false
 export STASH_RUN_ON_MASTER=0
 export STASH_ENABLE_INITIALIZER=false
 export STASH_ENABLE_ADMISSION_WEBHOOK=false
+export STASH_DOCKER_REGISTRY=appscode
+export STASH_IMAGE_PULL_SECRET=
 
 show_help() {
     echo "stash.sh - install stash operator"
@@ -20,6 +22,8 @@ show_help() {
     echo "-h, --help                         show brief help"
     echo "-n, --namespace=NAMESPACE          specify namespace (default: kube-system)"
     echo "    --rbac                         create RBAC roles and bindings"
+    echo "    --docker-registry              docker registry used to pull stash images (default: appscode)"
+    echo "    --image-pull-secret            name of secret used to pull stash operator images"
     echo "    --run-on-master                run stash operator on master"
     echo "    --enable-admission-webhook     configure admission webhook for stash CRDs"
     echo "    --enable-initializer           configure stash operator as workload initializer"
@@ -45,6 +49,15 @@ while test $# -gt 0; do
             export STASH_NAMESPACE=`echo $1 | sed -e 's/^[^=]*=//g'`
             shift
             ;;
+        --docker-registry*)
+            export STASH_DOCKER_REGISTRY=`echo $1 | sed -e 's/^[^=]*=//g'`
+            shift
+            ;;
+        --image-pull-secret*)
+            secret=`echo $1 | sed -e 's/^[^=]*=//g'`
+            export STASH_IMAGE_PULL_SECRET="name: secret"
+            shift
+            ;;
         --enable-admission-webhook)
             export STASH_ENABLE_ADMISSION_WEBHOOK=true
             shift