github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/cmd/imagescan/config/config.go

github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/cmd/imagescan/config/config.go (about)

     1  package config
     2  
     3  import (
     4  	"errors"
     5  	"io/fs"
     6  	"os"
     7  	"time"
     8  
     9  	"github.com/kelseyhightower/envconfig"
    10  )
    11  
    12  type Mode string
    13  
    14  const (
    15  	ModeRemote Mode = "remote"
    16  	ModeDaemon Mode = "daemon"
    17  	ModeHostFS Mode = "hostfs"
    18  	// ModeTarArchive is currently used only to test local tar archive images.
    19  	// Loading image from docker daemon on macOS is super slow.
    20  	ModeTarArchive Mode = "tar"
    21  )
    22  
    23  type Runtime string
    24  
    25  const (
    26  	RuntimeDocker     = "docker"
    27  	RuntimeContainerd = "containerd"
    28  )
    29  
    30  const (
    31  	ContainerdContentDir = "/var/lib/containerd/io.containerd.content.v1.content"
    32  	SecretMountPath      = "/secret"
    33  )
    34  
    35  type Config struct {
    36  	CastaiClusterID   string `envconfig:"CASTAI_CLUSTER_ID" required:"true"`
    37  	CastaiAPIGrpcAddr string `envconfig:"CASTAI_API_GRPC_ADDR" required:"true"`
    38  	// The api key is required, but we support two differnt ways of setting it.
    39  	CastaiAPIKey       string `envconfig:"CASTAI_API_KEY"`
    40  	CastaiGRPCInsecure bool   `envconfig:"CASTAI_GRPC_INSECURE"`
    41  
    42  	BlobsCacheURL     string        `envconfig:"COLLECTOR_BLOBS_CACHE_URL"`
    43  	ImageID           string        `envconfig:"COLLECTOR_IMAGE_ID" required:"true"`
    44  	ImageName         string        `envconfig:"COLLECTOR_IMAGE_NAME" required:"true"`
    45  	ImageArchitecture string        `envconfig:"COLLECTOR_IMAGE_ARCHITECTURE" required:"true"`
    46  	ImageOS           string        `envconfig:"COLLECTOR_IMAGE_OS" required:"true"`
    47  	ImagePullSecret   string        `envconfig:"COLLECTOR_PULL_SECRET" default:""`
    48  	Timeout           time.Duration `envconfig:"COLLECTOR_TIMEOUT" default:"5m"`
    49  	Mode              Mode          `envconfig:"COLLECTOR_MODE"`
    50  	Runtime           Runtime       `envconfig:"COLLECTOR_RUNTIME" required:"true"`
    51  	ResourceIDs       string        `envconfig:"COLLECTOR_RESOURCE_IDS" required:"true"`
    52  	DockerOptionPath  string        `envconfig:"COLLECTOR_DOCKER_OPTION_PATH" default:""`
    53  	PprofAddr         string        `envconfig:"COLLECTOR_PPROF_ADDR" default:""`
    54  	Parallel          int           `envconfig:"COLLECTOR_PARALLEL" default:"1"`
    55  	// ImageLocalTarPath is used only with ModeTarArchive for local dev.
    56  	ImageLocalTarPath string
    57  }
    58  
    59  func FromEnv() (Config, error) {
    60  	var cfg Config
    61  	if err := envconfig.Process("", &cfg); err != nil {
    62  		return Config{}, err
    63  	}
    64  
    65  	if cfg.CastaiAPIKey == "" {
    66  		// fall back to non `CASTAI` prefix env variable
    67  		if apiKey, found := os.LookupEnv("API_KEY"); found {
    68  			cfg.CastaiAPIKey = apiKey
    69  		} else {
    70  			return Config{}, errors.New("required environment variable not set: CASTAI_API_KEY or API_KEY are missing")
    71  		}
    72  	}
    73  
    74  	return cfg, nil
    75  }
    76  
    77  // ReadImagePullSecret explicitly mounted at mountPath.
    78  func ReadImagePullSecret(mount fs.FS) ([]byte, error) {
    79  	/*
    80  		apiVersion: v1
    81  		kind: Secret
    82  		type: kubernetes.io/dockerconfigjson
    83  		data:
    84  			.dockerconfigjson: "<base64 encoded ~/.docker/config.json>"
    85  	*/
    86  	// When mounted, data keys become plain text files in the filesystem.
    87  	return fs.ReadFile(mount, ".dockerconfigjson")
    88  }